Another help request .....



Amson
2009-03-13, 12:08
I have downloaded something which has disabled my virus scanner and also AdAware. My virus scanner does pick up an error on booting saying infected with win32/Obitel which creates temp files. These are named in3.tmp, in1.tmp etc. I can remove them with unlocker only. Files reappear when I restart computer and also app every half hour. I have scanned with Spybot and no infection picked up. Also downloaded a few others as you can see but nothing. Computer runs so slow.

Details of the HijackThis file are:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:00 PM, on 13/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\Other Program Files\Lavasoft\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Other Program Files\Super\SUPERAntiSpyware.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Other Program Files\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Other Program Files\Super\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: forteManager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.4.4.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Other Program Files\Super\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Other Program Files\Lavasoft\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9093 bytes


I'd love some help to sort this out. Thanks!

Blade81
2009-03-15, 11:37
Hi,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double-click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

Amson
2009-03-15, 13:10
Thanks so much for your reply Blade81.

Here are the files requested:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Carolyn Stewart at 21:05:19.96 on Sun 15/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2047.1074 [GMT 10:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: Windows Live OneCare *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Other Program Files\Lavasoft\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Other Program Files\Super\SUPERAntiSpyware.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Carolyn Stewart\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://au.my.yahoo.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - d:\other program files\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] d:\other program files\super\SUPERAntiSpyware.exe
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [ASUS Probe] c:\program files\asus\asus probe\AsusProb.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\caroly~1\startm~1\programs\startup\erunt autobackup.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\fortem~1.lnk - c:\program files\lg soft india\fortemanager\bin\Monitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - c:\program files\hello\PicasaCapture.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
Trusted Zone: virginmobile.com.au\www
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.4.4.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - d:\other program files\super\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\other program files\super\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R?2 aawservice;Lavasoft Ad-Aware Service;d:\other program files\lavasoft\aawservice.exe [2008-9-10 611664]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-3-13 11840]
R1 SASDIFSV;SASDIFSV;d:\other program files\super\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;d:\other program files\super\SASKUTIL.SYS [2008-11-17 55024]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-3-13 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-3-13 151297]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2008-11-5 25968]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-26 1174152]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-3-13 52032]
R3 SASENUM;SASENUM;d:\other program files\super\SASENUM.SYS [2008-11-17 7408]
S3 LGDDCDevice;LGDDCDevice;c:\program files\lg soft india\fortemanager\bin\I2CDriver.sys [2009-1-21 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\lg soft india\fortemanager\bin\PII2CDriver.sys [2009-1-21 13312]

=============== Created Last 30 ================

2009-03-14 07:01 <DIR> --d----- c:\windows\pss
2009-03-13 19:58 <DIR> --d----- c:\program files\Trend Micro
2009-03-13 16:42 <DIR> --d----- c:\docume~1\caroly~1\applic~1\Desktopicon
2009-03-13 16:42 <DIR> --d----- c:\program files\Unlocker
2009-03-13 14:07 <DIR> --d----- c:\program files\Avira
2009-03-13 14:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-03-13 13:20 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-13 13:19 <DIR> --d----- c:\documents and settings\carolyn stewart\.housecall6.6
2009-03-13 09:10 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-13 08:14 <DIR> --d----- c:\program files\ThreatExpert Memory Scanner
2009-03-12 19:03 0 a------- C:\23990098.$$$
2009-03-12 19:00 28 a------- c:\windows\Lic.xxx
2009-03-12 19:00 28,672 a------- c:\windows\system32\eEmpty.exe
2009-03-12 19:00 522 a------- c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-03-12 19:00 146,432 a------- c:\windows\REGEDIT.COM
2009-03-12 19:00 146,432 a------- c:\windows\R.COM
2009-03-12 19:00 135,680 a------- c:\windows\system32\TASKMGR.COM
2009-03-12 19:00 135,680 a------- c:\windows\system32\T.COM
2009-03-12 19:00 <DIR> --d----- c:\program files\common files\MicroWorld
2009-03-12 19:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MicroWorld
2009-03-12 15:29 26,112 a------- c:\windows\system32\stu2.exe
2009-02-24 19:31 <DIR> --d----- c:\docume~1\caroly~1\applic~1\Malwarebytes
2009-02-24 19:31 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-24 19:31 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 19:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-24 19:31 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-23 08:35 552 a------- c:\windows\system32\DO_NOT_DELETE.backupSetID

==================== Find3M ====================

2009-02-09 21:13 1,846,784 a------- c:\windows\system32\win32k.sys
2008-12-31 17:04 691,560 a------- c:\windows\system32\OGACheckControl.dll
2008-12-31 17:04 528,744 a------- c:\windows\system32\OGAVerify.exe
2008-12-31 17:04 502,120 a------- c:\windows\system32\OGAAddin.dll
2008-12-25 10:15 1,882 a------- c:\windows\eReg.dat
2008-12-21 09:15 826,368 a------- c:\windows\system32\wininet.dll
2008-08-15 09:49 0 a------- c:\docume~1\alluse~1\applic~1\PKP_DLbx.DAT
2006-05-14 10:39 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLea.DAT
2002-07-28 23:40 1,059,840 a------- c:\program files\DS_Bonus_Plugin.8bf
2008-12-12 14:11 2,932 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-05-29 06:43 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052920080530\index.dat
2008-11-28 18:11 32,768 a--sh--- c:\windows\temp\cookies\index.dat
2008-11-28 18:11 32,768 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-11-28 18:11 49,152 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 21:06:16.26 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 28/02/2006 5:23:30 PM
System Uptime: 15/03/2009 5:05:40 PM (4 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5S800-VM
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3192/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 30 GiB total, 7.745 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 15.827 GiB free.
E: is FIXED (NTFS) - 127 GiB total, 54.16 GiB free.
F: is FIXED (NTFS) - 98 GiB total, 73.112 GiB free.
G: is FIXED (NTFS) - 135 GiB total, 1.775 GiB free.
H: is FIXED (NTFS) - 279 GiB total, 244.996 GiB free.
J: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1054: 7/02/2009 11:53:38 AM - System Checkpoint
RP1055: 7/02/2009 2:44:45 PM - Software Distribution Service 3.0
RP1056: 7/02/2009 9:48:17 PM - Software Distribution Service 3.0
RP1057: 8/02/2009 9:15:28 PM - Software Distribution Service 3.0
RP1058: 9/02/2009 9:35:00 PM - Software Distribution Service 3.0
RP1059: 10/02/2009 11:59:39 AM - Software Distribution Service 3.0
RP1060: 10/02/2009 10:30:44 PM - Software Distribution Service 3.0
RP1061: 12/02/2009 6:18:15 AM - Software Distribution Service 3.0
RP1062: 12/02/2009 9:43:51 PM - Software Distribution Service 3.0
RP1063: 13/02/2009 8:53:37 PM - Software Distribution Service 3.0
RP1064: 14/02/2009 10:12:33 PM - Software Distribution Service 3.0
RP1065: 15/02/2009 8:58:36 PM - Software Distribution Service 3.0
RP1066: 16/02/2009 7:45:43 AM - Software Distribution Service 3.0
RP1067: 16/02/2009 2:34:53 PM - Software Distribution Service 3.0
RP1068: 16/02/2009 9:36:37 PM - Software Distribution Service 3.0
RP1069: 17/02/2009 2:20:31 PM - Software Distribution Service 3.0
RP1070: 17/02/2009 8:55:48 PM - Software Distribution Service 3.0
RP1071: 18/02/2009 9:23:31 AM - Software Distribution Service 3.0
RP1072: 18/02/2009 5:56:33 PM - Software Distribution Service 3.0
RP1073: 18/02/2009 9:04:42 PM - Software Distribution Service 3.0
RP1074: 19/02/2009 12:29:48 PM - Software Distribution Service 3.0
RP1075: 19/02/2009 8:26:24 PM - Software Distribution Service 3.0
RP1076: 20/02/2009 2:36:40 PM - Software Distribution Service 3.0
RP1077: 20/02/2009 9:50:21 PM - Software Distribution Service 3.0
RP1078: 21/02/2009 9:49:56 AM - Software Distribution Service 3.0
RP1079: 21/02/2009 11:26:24 PM - Software Distribution Service 3.0
RP1080: 22/02/2009 6:07:04 PM - Software Distribution Service 3.0
RP1081: 22/02/2009 10:29:39 PM - Software Distribution Service 3.0
RP1082: 23/02/2009 11:28:39 AM - Software Distribution Service 3.0
RP1083: 23/02/2009 9:29:34 PM - Software Distribution Service 3.0
RP1084: 24/02/2009 12:06:00 PM - Software Distribution Service 3.0
RP1085: 24/02/2009 9:08:26 PM - Software Distribution Service 3.0
RP1086: 25/02/2009 11:01:30 AM - Software Distribution Service 3.0
RP1087: 25/02/2009 9:28:54 PM - Software Distribution Service 3.0
RP1088: 26/02/2009 6:14:40 AM - Software Distribution Service 3.0
RP1089: 26/02/2009 7:58:59 PM - Software Distribution Service 3.0
RP1090: 27/02/2009 8:00:01 PM - Software Distribution Service 3.0
RP1091: 27/02/2009 9:47:48 PM - Software Distribution Service 3.0
RP1092: 28/02/2009 9:44:26 PM - Software Distribution Service 3.0
RP1093: 1/03/2009 9:38:18 PM - Software Distribution Service 3.0
RP1094: 2/03/2009 9:35:49 PM - Software Distribution Service 3.0
RP1095: 3/03/2009 1:08:15 PM - Software Distribution Service 3.0
RP1096: 3/03/2009 9:23:22 PM - Software Distribution Service 3.0
RP1097: 4/03/2009 9:42:48 PM - Software Distribution Service 3.0
RP1098: 5/03/2009 10:02:31 PM - Software Distribution Service 3.0
RP1099: 6/03/2009 3:48:57 PM - Software Distribution Service 3.0
RP1100: 6/03/2009 9:24:42 PM - Software Distribution Service 3.0
RP1101: 7/03/2009 9:36:15 PM - Software Distribution Service 3.0
RP1102: 8/03/2009 4:16:42 PM - Software Distribution Service 3.0
RP1103: 8/03/2009 9:13:41 PM - Software Distribution Service 3.0
RP1104: 9/03/2009 11:17:12 AM - Software Distribution Service 3.0
RP1105: 9/03/2009 9:59:56 PM - Software Distribution Service 3.0
RP1106: 10/03/2009 11:07:05 AM - Software Distribution Service 3.0
RP1107: 10/03/2009 8:35:41 PM - Software Distribution Service 3.0
RP1108: 10/03/2009 9:19:51 PM - Software Distribution Service 3.0
RP1109: 11/03/2009 9:15:01 PM - Software Distribution Service 3.0
RP1110: 12/03/2009 3:30:00 PM - Microsoft OneCare Protection Checkpoint
RP1111: 12/03/2009 3:33:11 PM - Software Distribution Service 3.0
RP1112: 12/03/2009 3:46:34 PM - Microsoft OneCare Protection Checkpoint
RP1113: 12/03/2009 3:51:14 PM - Microsoft OneCare Protection Checkpoint
RP1114: 12/03/2009 5:29:00 PM - Microsoft OneCare Protection Checkpoint
RP1115: 12/03/2009 5:37:33 PM - Installed Antispyware2008
RP1116: 12/03/2009 6:05:36 PM - Microsoft OneCare Protection Checkpoint
RP1117: 12/03/2009 8:25:22 PM - Software Distribution Service 3.0
RP1118: 12/03/2009 8:40:26 PM - Microsoft OneCare Protection Checkpoint
RP1119: 12/03/2009 9:13:03 PM - Software Distribution Service 3.0
RP1120: 13/03/2009 6:01:49 AM - Microsoft OneCare Protection Checkpoint
RP1121: 13/03/2009 6:08:46 AM - Microsoft OneCare Protection Checkpoint
RP1122: 13/03/2009 7:41:33 AM - Microsoft OneCare Protection Checkpoint
RP1123: 13/03/2009 9:19:44 AM - Removed Ad-Aware
RP1124: 13/03/2009 9:33:11 AM - Removed Ad-Aware
RP1125: 13/03/2009 9:57:55 AM - Removed Ad-Aware
RP1126: 13/03/2009 10:06:46 AM - Microsoft OneCare Protection Checkpoint
RP1127: 13/03/2009 11:59:40 AM - Removed Ad-Aware
RP1128: 13/03/2009 12:30:55 PM - Microsoft OneCare Protection Checkpoint
RP1129: 13/03/2009 12:55:59 PM - Microsoft OneCare Protection Checkpoint
RP1130: 13/03/2009 2:06:47 PM - Avira AntiVir Personal - 13/03/2009 14:06
RP1131: 13/03/2009 5:09:00 PM - Software Distribution Service 3.0
RP1132: 13/03/2009 5:18:25 PM - Microsoft OneCare Protection Checkpoint
RP1133: 13/03/2009 5:46:20 PM - Removed Ad-Aware
RP1134: 13/03/2009 7:47:06 PM - Microsoft OneCare Protection Checkpoint
RP1135: 13/03/2009 11:14:37 PM - Software Distribution Service 3.0
RP1136: 14/03/2009 5:53:31 AM - Microsoft OneCare Protection Checkpoint
RP1137: 14/03/2009 6:30:42 AM - Software Distribution Service 3.0
RP1138: 14/03/2009 6:50:44 AM - Microsoft OneCare Protection Checkpoint
RP1139: 14/03/2009 9:34:01 AM - Software Distribution Service 3.0
RP1140: 14/03/2009 10:25:49 AM - Microsoft OneCare Protection Checkpoint
RP1141: 14/03/2009 9:12:25 PM - Software Distribution Service 3.0
RP1142: 15/03/2009 10:50:18 AM - Removed Ad-Aware

==== Installed Programs ======================


abrViewer.NET 1.0.1
ACDSee 9 Photo Manager
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
Adobe Reader Chinese Simplified Fonts
Advanced SystemCare 3
Alien Skin Snap Art
AM-DeadLink
ArtRage 2
ASUS Probe V2.24.09
ASUSDVD
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
Better Homes and Gardens Home Designer Suite 6.0
Canon iP4200
Canon MP Navigator 2.0
Canon MP150
Canon Setup Utility 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CD-LabelPrint
CD Stomper 32 bit
CEP - Color Enable Package
Compatibility Pack for the 2007 Office system
Corel Paint Shop Pro X
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
DiMAGE Scan Dual4 ver.1.0
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy-WebPrint
ERUNT 1.1j
Eye Candy 3
Fashion Solitaire
Fishdom
FixerBundle
Focus Magic 3.02
forteManager
Free CD to MP3 Converter
Free Notes 3.02
GTOneCare
Harry's Filters 3.01
Hello (remove only)
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iPod for Windows 2005-09-23
iPod for Windows 2006-06-28
iTunes
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album 5
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Legacy 7.0
Legacy Charting 7.0
LightScribe 1.4.39.1
Livestation
LiveUpdate Notice (Symantec Corporation)
Luxor 2
Mah Jong Quest II™
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing 17
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Protection Service
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Live OneCare Resources v2.5.2900.20
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.5.2900.20
Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
MoRUN.net Sticker
MotionDV STUDIO 5.1E LE for DV
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MyHeritage Family Tree Builder
Nero Suite
Nikon Message Center
OGA Notifier 1.7.0105.35.0
OLYMPUS CAMEDIA Master 4.2
OmniPage SE 2.0
Opanda IExif 2.3
OpenAL
PartitionMagic
PhotoFilter 1.0
PictureProject
PowerQuest PartitionMagic 8.0
PX Engine
Quicken 2002 Personal Plus SE
QuickTime
RawShooter essentials 2005
RealPlayer
Realtek AC'97 Audio
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem ^^
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
SD Viewer for DV
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Shadow Illuminator Home
SimCity 4
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Symantec KB-DocID:2003093015493306
The Font Thing
The Sims 2
The Sims 2 Open For Business
The Sims 2 Pets
The Sims Makin' Magic
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
ThreatExpert Memory Scanner 1.0
Topaz Adjust
Tradewinds Caravans™
Uninstall DreamSuite Bonus
Uninstall MysticalTTC
Uninstall MysticalTTCDEMO
Unlocker 1.8.7
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Video Stream Driver for Panasonic DVC
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live OneCare
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Wisdom-soft ScreenHunter 4.0 Free
X-Lite 3.0

==== Event Viewer Messages From Past Week ========

10/03/2009 2:45:17 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
12/03/2009 3:30:00 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:JS/Xilos&threatid=2147596274 Scan ID: {1B7CB19D-7D4D-4DD8-9DF9-9E801F88FC5C} User: CAROLYN-212D4EF\Carolyn Stewart Name: Virus:JS/Xilos ID: 2147596274 Severity: Severe Category: Virus Path: file:\\?\C:\Documents and Settings\Carolyn Stewart\Local Settings\Temporary Internet Files\Content.IE5\F3Y91CDL\clicksagent2[1].htm Alert Type: Action: Clean Error Code: 0x80508017 Error description: Some actions couldn't be applied to potentially harmful items. The items might be stored in a read-only location. Delete the files or folders that contains the items or, for information on removing read-only permissions from files and folders, see Help and Support.
12/03/2009 3:30:12 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {441C32AC-52A2-470D-9E79-61284676CF1E} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
12/03/2009 3:46:34 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {7395AEA1-82D1-42B9-8452-C1D271665761} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
12/03/2009 3:51:14 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {6888D1E8-6E04-4E81-BCD0-836F48BE10D6} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
12/03/2009 4:26:44 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
12/03/2009 5:29:00 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {205C679E-E402-4B49-BB76-D1AD502AC09A} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
12/03/2009 6:05:36 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {8C14249C-C284-46D5-B9DE-123937980CE7} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
12/03/2009 8:40:26 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {EA20026A-2332-4156-BC91-81F96E6BD772} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 6:01:49 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {DC8E1E66-60B5-45AF-963C-5B71D8CC41FB} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 6:08:46 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {1DC0BE5C-F73E-4F9D-A69B-1A6094F401E9} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 7:41:33 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {7A9DB99F-349A-4DB4-8B1C-D9A8B383BA76} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 8:43:02 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {8515DEE7-C581-43A9-A3A1-64ED2C92B453} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 10:03:57 AM, error: Print [19] - Sharing printer failed + 1722, Printer Canon iP4200 share name Canon iP4200.
13/03/2009 10:06:46 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {82C622C9-EE19-43E7-9365-00930D3B1398} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 12:22:04 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {49368223-B042-44C9-96C9-B4929079EC27} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 12:30:55 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {D47FC076-D9A2-44C9-B812-1617DA14B878} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 12:55:59 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {202EA27B-5334-4EDD-A54C-06A2E2FD37BD} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 2:21:25 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {968B8E82-847B-45B9-B603-2A54BD718081} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 4:44:04 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {2AD36B72-A529-4F78-B727-309D01008B20} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 4:45:27 PM, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort2.
13/03/2009 5:00:51 PM, error: MSFWDrv [9] - The device, , did not respond within the timeout period.
13/03/2009 5:18:25 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {21F42A91-11DC-4ADB-8B21-D0070B98E54C} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 7:01:55 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {98E0F733-2E49-48DF-8CCC-EC60C4D2A908} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 7:47:07 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {7C47596B-6CFF-4062-B931-A3F675EFB5E7} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 8:39:53 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {A534B4B8-554E-44B8-A59D-3E7471611A2C} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 5:53:31 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {801C533E-5DA1-484E-B85F-8D8DDFCFF4F6} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 6:05:54 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {81A95EA5-F32C-4B52-93A4-4BC383ED28F5} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 6:50:44 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {50EBACE5-9207-4860-842D-7745B6569812} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 6:51:37 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {D6D3063B-B7F1-4686-AB74-90180373E881} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 7:08:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The MSFWDrv service depends on the IP Traffic Filter Driver service which failed to start because of the following error: The dependency service or group failed to start.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The OneCare Firewall service depends on the MSFWDrv service which failed to start because of the following error: The dependency service or group failed to start.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aslm75 avgio avipbb eeCtrl Fips intelppm IPSec MRxSmb MSFWHLPR NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip WS2IFSL
14/03/2009 7:08:59 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
14/03/2009 7:15:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
14/03/2009 7:23:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
14/03/2009 10:23:34 AM, error: Print [19] - Sharing printer failed + 1722, Printer Canon MP150 Series Printer share name Canon MP150 Series Printer.
14/03/2009 10:25:50 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {C70714E6-B720-408C-A7E3-41895AA639C8} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 3:01:15 PM, error: OneCareMP [1008] - Windows OneCare Live has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {251EE402-E2C0-42A5-99B1-0AAE58351132} Scan Type: AntiMalware User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 4:20:35 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {821E08CF-D5CD-4905-9794-E41DBB8D785B} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 4:42:31 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {E0E5832C-A46F-46BF-BAEE-1C1071F25DEB} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 6:57:04 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {7A63454D-5A25-4091-A15A-673FCB322097} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
15/03/2009 1:06:52 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer SONIA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{35C52376-D70E-45AA-. The master browser is stopping or an election is being forced.
14/03/2009 6:07:45 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file userinit.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.

==== End Of File ===========================

Blade81
2009-03-15, 14:01
Hi again,

Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post the contents of that file in your next reply.


Please visit this webpage for download links and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (see http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log contents.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Amson
2009-03-15, 23:39
Thanks for the instructions. I've run everything so here are the logs:

1. Malware log

Malwarebytes' Anti-Malware 1.34
Database version: 1852
Windows 5.1.2600 Service Pack 3

16/03/2009 7:13:03 AM
mbam-log-2009-03-16 (07-13-03).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 410684
Time elapsed: 1 hour(s), 17 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


2. Combofix log

ComboFix 09-03-14.02 - Carolyn Stewart 2009-03-16 7:27:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1115 [GMT 10:00]
Running from: c:\documents and settings\Carolyn Stewart\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
AV: Windows Live OneCare *On-access scanning disabled* (Updated)
FW: Windows Live OneCare Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.

2009-03-13 19:58 . 2009-03-13 19:58 <DIR> d-------- c:\program files\Trend Micro
2009-03-13 19:56 . 2009-03-13 19:57 <DIR> d-------- c:\program files\ERUNT
2009-03-13 16:42 . 2009-03-15 08:06 <DIR> d-------- c:\program files\Unlocker
2009-03-13 16:42 . 2009-03-13 23:06 <DIR> d-------- c:\documents and settings\Carolyn Stewart\Application Data\Desktopicon
2009-03-13 14:07 . 2009-03-13 14:07 <DIR> d-------- c:\program files\Avira
2009-03-13 14:07 . 2009-03-13 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-13 13:20 . 2009-03-13 13:19 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-03-13 13:19 . 2009-03-13 13:46 <DIR> d-------- c:\documents and settings\Carolyn Stewart\.housecall6.6
2009-03-13 09:10 . 2009-03-13 10:10 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-13 08:14 . 2009-03-15 09:12 <DIR> d-------- c:\program files\ThreatExpert Memory Scanner
2009-03-12 19:03 . 2009-03-13 12:42 0 --a------ C:\23990098.$$$
2009-03-12 19:00 . 2009-03-12 19:00 <DIR> d-------- c:\program files\Common Files\MicroWorld
2009-03-12 19:00 . 2009-03-12 19:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\MicroWorld
2009-03-12 19:00 . 2008-04-14 10:12 146,432 --a------ c:\windows\R.COM
2009-03-12 19:00 . 2008-04-14 10:12 135,680 --a------ c:\windows\system32\T.COM
2009-03-12 19:00 . 2009-03-12 19:00 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-03-12 19:00 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-03-12 19:00 . 2009-03-13 12:38 28 --a------ c:\windows\Lic.xxx
2009-03-12 15:29 . 2008-04-14 10:12 26,112 --a------ c:\windows\system32\stu2.exe
2009-02-26 10:37 . 2009-02-26 10:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-24 19:31 . 2009-02-24 19:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-24 19:31 . 2009-02-24 19:31 <DIR> d-------- c:\documents and settings\Carolyn Stewart\Application Data\Malwarebytes
2009-02-24 19:31 . 2009-02-24 19:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-24 19:31 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 19:31 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-23 08:35 . 2009-02-23 08:35 552 --a------ c:\windows\system32\DO_NOT_DELETE.backupSetID

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 10:51 --------- d-----w c:\program files\Microsoft Windows OneCare Live
2009-03-15 09:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-12 23:11 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-22 00:54 --------- d-----w c:\documents and settings\Carolyn Stewart\Application Data\Canon
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-01 05:37 --------- d-----w c:\documents and settings\Carolyn Stewart\Application Data\U3
2009-01-20 20:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-20 20:10 --------- d-----w c:\program files\LG Soft India
2008-12-31 07:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
2008-12-31 07:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
2008-12-31 07:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 23:49 0 ----a-w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2006-05-14 00:39 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLea.DAT
2002-07-28 13:40 1,059,840 ----a-w c:\program files\DS_Bonus_Plugin.8bf
2008-12-12 04:11 2,932 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-05-28 20:43 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052920080530\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="d:\other program files\Super\SUPERAntiSpyware.exe" [2009-02-25 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-11-05 64880]
"ASUS Probe"="c:\program files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 617984]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-27 185872]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Carolyn Stewart\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2009-01-21 1126400]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\other program files\Super\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-13 13:19 356352 d:\other program files\Super\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.DVSD"= pdvcodec.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\i:\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hello\\Hello.exe"=

R1 SASDIFSV;SASDIFSV;d:\other program files\Super\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;d:\other program files\Super\SASKUTIL.SYS [2008-11-17 55024]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-11-05 25968]
R3 SASENUM;SASENUM;d:\other program files\Super\SASENUM.SYS [2008-11-17 7408]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2009-01-21 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2009-01-21 13312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-15 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-03-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-03-15 c:\windows\Tasks\User_Feed_Synchronization-{E7292A15-726E-430D-8D05-D1A95914E21E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://au.my.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: virginmobile.com.au\www
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-16 07:29:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-1801674531-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
d:\other program files\Super\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-16 7:32:25
ComboFix-quarantined-files.txt 2009-03-15 21:32:00

Pre-Run: 8,039,473,152 bytes free
Post-Run: 8,248,840,192 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

167 --- E O F --- 2009-03-15 12:26:22

Amson
2009-03-15, 23:41
3. New DDS files


DDS (Ver_09-02-01.01) - NTFSx86
Run by Carolyn Stewart at 7:35:41.73 on Mon 16/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2047.1158 [GMT 10:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
AV: Windows Live OneCare *On-access scanning disabled* (Updated)
FW: Windows Live OneCare Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Other Program Files\Lavasoft\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Other Program Files\Super\SUPERAntiSpyware.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Carolyn Stewart\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://au.my.yahoo.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - d:\other program files\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] d:\other program files\super\SUPERAntiSpyware.exe
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [ASUS Probe] c:\program files\asus\asus probe\AsusProb.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\caroly~1\startm~1\programs\startup\erunt autobackup.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\fortem~1.lnk - c:\program files\lg soft india\fortemanager\bin\Monitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - c:\program files\hello\PicasaCapture.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
Trusted Zone: virginmobile.com.au\www
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.4.4.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - d:\other program files\super\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\other program files\super\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R?2 aawservice;Lavasoft Ad-Aware Service;d:\other program files\lavasoft\aawservice.exe [2008-9-10 611664]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-3-13 11840]
R1 SASDIFSV;SASDIFSV;d:\other program files\super\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;d:\other program files\super\SASKUTIL.SYS [2008-11-17 55024]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-3-13 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-3-13 151297]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2008-11-5 25968]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-26 1174152]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-3-13 52032]
R3 SASENUM;SASENUM;d:\other program files\super\SASENUM.SYS [2008-11-17 7408]
S3 LGDDCDevice;LGDDCDevice;c:\program files\lg soft india\fortemanager\bin\I2CDriver.sys [2009-1-21 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\lg soft india\fortemanager\bin\PII2CDriver.sys [2009-1-21 13312]

=============== Created Last 30 ================

2009-03-16 07:25 <DIR> a-dshr-- C:\cmdcons
2009-03-16 07:23 161,792 a------- c:\windows\SWREG.exe
2009-03-16 07:23 98,816 a------- c:\windows\sed.exe
2009-03-14 07:01 <DIR> --d----- c:\windows\pss
2009-03-13 19:58 <DIR> --d----- c:\program files\Trend Micro
2009-03-13 16:42 <DIR> --d----- c:\docume~1\caroly~1\applic~1\Desktopicon
2009-03-13 16:42 <DIR> --d----- c:\program files\Unlocker
2009-03-13 14:07 <DIR> --d----- c:\program files\Avira
2009-03-13 14:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-03-13 13:20 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-13 13:19 <DIR> --d----- c:\documents and settings\carolyn stewart\.housecall6.6
2009-03-13 09:10 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-13 08:14 <DIR> --d----- c:\program files\ThreatExpert Memory Scanner
2009-03-12 19:03 0 a------- C:\23990098.$$$
2009-03-12 19:00 28 a------- c:\windows\Lic.xxx
2009-03-12 19:00 28,672 a------- c:\windows\system32\eEmpty.exe
2009-03-12 19:00 522 a------- c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-03-12 19:00 146,432 a------- c:\windows\R.COM
2009-03-12 19:00 135,680 a------- c:\windows\system32\T.COM
2009-03-12 19:00 <DIR> --d----- c:\program files\common files\MicroWorld
2009-03-12 19:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MicroWorld
2009-03-12 15:29 26,112 a------- c:\windows\system32\stu2.exe
2009-02-24 19:31 <DIR> --d----- c:\docume~1\caroly~1\applic~1\Malwarebytes
2009-02-24 19:31 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-24 19:31 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 19:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-24 19:31 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-23 08:35 552 a------- c:\windows\system32\DO_NOT_DELETE.backupSetID

==================== Find3M ====================

2009-02-09 21:13 1,846,784 a------- c:\windows\system32\win32k.sys
2008-12-31 17:04 691,560 a------- c:\windows\system32\OGACheckControl.dll
2008-12-31 17:04 528,744 a------- c:\windows\system32\OGAVerify.exe
2008-12-31 17:04 502,120 a------- c:\windows\system32\OGAAddin.dll
2008-12-25 10:15 1,882 a------- c:\windows\eReg.dat
2008-12-21 09:15 826,368 a------- c:\windows\system32\wininet.dll
2008-08-15 09:49 0 a------- c:\docume~1\alluse~1\applic~1\PKP_DLbx.DAT
2006-05-14 10:39 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLea.DAT
2002-07-28 23:40 1,059,840 a------- c:\program files\DS_Bonus_Plugin.8bf
2008-12-12 14:11 2,932 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-05-29 06:43 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052920080530\index.dat

============= FINISH: 7:36:13.12 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 28/02/2006 5:23:30 PM
System Uptime: 16/03/2009 5:47:23 AM (2 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5S800-VM
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3192/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 30 GiB total, 7.707 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 15.827 GiB free.
E: is FIXED (NTFS) - 127 GiB total, 54.166 GiB free.
F: is FIXED (NTFS) - 98 GiB total, 73.112 GiB free.
G: is FIXED (NTFS) - 135 GiB total, 1.775 GiB free.
H: is FIXED (NTFS) - 279 GiB total, 244.996 GiB free.
J: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1054: 7/02/2009 11:53:38 AM - System Checkpoint
RP1055: 7/02/2009 2:44:45 PM - Software Distribution Service 3.0
RP1056: 7/02/2009 9:48:17 PM - Software Distribution Service 3.0
RP1057: 8/02/2009 9:15:28 PM - Software Distribution Service 3.0
RP1058: 9/02/2009 9:35:00 PM - Software Distribution Service 3.0
RP1059: 10/02/2009 11:59:39 AM - Software Distribution Service 3.0
RP1060: 10/02/2009 10:30:44 PM - Software Distribution Service 3.0
RP1061: 12/02/2009 6:18:15 AM - Software Distribution Service 3.0
RP1062: 12/02/2009 9:43:51 PM - Software Distribution Service 3.0
RP1063: 13/02/2009 8:53:37 PM - Software Distribution Service 3.0
RP1064: 14/02/2009 10:12:33 PM - Software Distribution Service 3.0
RP1065: 15/02/2009 8:58:36 PM - Software Distribution Service 3.0
RP1066: 16/02/2009 7:45:43 AM - Software Distribution Service 3.0
RP1067: 16/02/2009 2:34:53 PM - Software Distribution Service 3.0
RP1068: 16/02/2009 9:36:37 PM - Software Distribution Service 3.0
RP1069: 17/02/2009 2:20:31 PM - Software Distribution Service 3.0
RP1070: 17/02/2009 8:55:48 PM - Software Distribution Service 3.0
RP1071: 18/02/2009 9:23:31 AM - Software Distribution Service 3.0
RP1072: 18/02/2009 5:56:33 PM - Software Distribution Service 3.0
RP1073: 18/02/2009 9:04:42 PM - Software Distribution Service 3.0
RP1074: 19/02/2009 12:29:48 PM - Software Distribution Service 3.0
RP1075: 19/02/2009 8:26:24 PM - Software Distribution Service 3.0
RP1076: 20/02/2009 2:36:40 PM - Software Distribution Service 3.0
RP1077: 20/02/2009 9:50:21 PM - Software Distribution Service 3.0
RP1078: 21/02/2009 9:49:56 AM - Software Distribution Service 3.0
RP1079: 21/02/2009 11:26:24 PM - Software Distribution Service 3.0
RP1080: 22/02/2009 6:07:04 PM - Software Distribution Service 3.0
RP1081: 22/02/2009 10:29:39 PM - Software Distribution Service 3.0
RP1082: 23/02/2009 11:28:39 AM - Software Distribution Service 3.0
RP1083: 23/02/2009 9:29:34 PM - Software Distribution Service 3.0
RP1084: 24/02/2009 12:06:00 PM - Software Distribution Service 3.0
RP1085: 24/02/2009 9:08:26 PM - Software Distribution Service 3.0
RP1086: 25/02/2009 11:01:30 AM - Software Distribution Service 3.0
RP1087: 25/02/2009 9:28:54 PM - Software Distribution Service 3.0
RP1088: 26/02/2009 6:14:40 AM - Software Distribution Service 3.0
RP1089: 26/02/2009 7:58:59 PM - Software Distribution Service 3.0
RP1090: 27/02/2009 8:00:01 PM - Software Distribution Service 3.0
RP1091: 27/02/2009 9:47:48 PM - Software Distribution Service 3.0
RP1092: 28/02/2009 9:44:26 PM - Software Distribution Service 3.0
RP1093: 1/03/2009 9:38:18 PM - Software Distribution Service 3.0
RP1094: 2/03/2009 9:35:49 PM - Software Distribution Service 3.0
RP1095: 3/03/2009 1:08:15 PM - Software Distribution Service 3.0
RP1096: 3/03/2009 9:23:22 PM - Software Distribution Service 3.0
RP1097: 4/03/2009 9:42:48 PM - Software Distribution Service 3.0
RP1098: 5/03/2009 10:02:31 PM - Software Distribution Service 3.0
RP1099: 6/03/2009 3:48:57 PM - Software Distribution Service 3.0
RP1100: 6/03/2009 9:24:42 PM - Software Distribution Service 3.0
RP1101: 7/03/2009 9:36:15 PM - Software Distribution Service 3.0
RP1102: 8/03/2009 4:16:42 PM - Software Distribution Service 3.0
RP1103: 8/03/2009 9:13:41 PM - Software Distribution Service 3.0
RP1104: 9/03/2009 11:17:12 AM - Software Distribution Service 3.0
RP1105: 9/03/2009 9:59:56 PM - Software Distribution Service 3.0
RP1106: 10/03/2009 11:07:05 AM - Software Distribution Service 3.0
RP1107: 10/03/2009 8:35:41 PM - Software Distribution Service 3.0
RP1108: 10/03/2009 9:19:51 PM - Software Distribution Service 3.0
RP1109: 11/03/2009 9:15:01 PM - Software Distribution Service 3.0
RP1110: 12/03/2009 3:30:00 PM - Microsoft OneCare Protection Checkpoint
RP1111: 12/03/2009 3:33:11 PM - Software Distribution Service 3.0
RP1112: 12/03/2009 3:46:34 PM - Microsoft OneCare Protection Checkpoint
RP1113: 12/03/2009 3:51:14 PM - Microsoft OneCare Protection Checkpoint
RP1114: 12/03/2009 5:29:00 PM - Microsoft OneCare Protection Checkpoint
RP1115: 12/03/2009 5:37:33 PM - Installed Antispyware2008
RP1116: 12/03/2009 6:05:36 PM - Microsoft OneCare Protection Checkpoint
RP1117: 12/03/2009 8:25:22 PM - Software Distribution Service 3.0
RP1118: 12/03/2009 8:40:26 PM - Microsoft OneCare Protection Checkpoint
RP1119: 12/03/2009 9:13:03 PM - Software Distribution Service 3.0
RP1120: 13/03/2009 6:01:49 AM - Microsoft OneCare Protection Checkpoint
RP1121: 13/03/2009 6:08:46 AM - Microsoft OneCare Protection Checkpoint
RP1122: 13/03/2009 7:41:33 AM - Microsoft OneCare Protection Checkpoint
RP1123: 13/03/2009 9:19:44 AM - Removed Ad-Aware
RP1124: 13/03/2009 9:33:11 AM - Removed Ad-Aware
RP1125: 13/03/2009 9:57:55 AM - Removed Ad-Aware
RP1126: 13/03/2009 10:06:46 AM - Microsoft OneCare Protection Checkpoint
RP1127: 13/03/2009 11:59:40 AM - Removed Ad-Aware
RP1128: 13/03/2009 12:30:55 PM - Microsoft OneCare Protection Checkpoint
RP1129: 13/03/2009 12:55:59 PM - Microsoft OneCare Protection Checkpoint
RP1130: 13/03/2009 2:06:47 PM - Avira AntiVir Personal - 13/03/2009 14:06
RP1131: 13/03/2009 5:09:00 PM - Software Distribution Service 3.0
RP1132: 13/03/2009 5:18:25 PM - Microsoft OneCare Protection Checkpoint
RP1133: 13/03/2009 5:46:20 PM - Removed Ad-Aware
RP1134: 13/03/2009 7:47:06 PM - Microsoft OneCare Protection Checkpoint
RP1135: 13/03/2009 11:14:37 PM - Software Distribution Service 3.0
RP1136: 14/03/2009 5:53:31 AM - Microsoft OneCare Protection Checkpoint
RP1137: 14/03/2009 6:30:42 AM - Software Distribution Service 3.0
RP1138: 14/03/2009 6:50:44 AM - Microsoft OneCare Protection Checkpoint
RP1139: 14/03/2009 9:34:01 AM - Software Distribution Service 3.0
RP1140: 14/03/2009 10:25:49 AM - Microsoft OneCare Protection Checkpoint
RP1141: 14/03/2009 9:12:25 PM - Software Distribution Service 3.0
RP1142: 15/03/2009 10:50:18 AM - Removed Ad-Aware
RP1143: 15/03/2009 10:25:45 PM - Software Distribution Service 3.0
RP1144: 16/03/2009 7:24:05 AM - ComboFix created restore point

==== Installed Programs ======================


abrViewer.NET 1.0.1
ACDSee 9 Photo Manager
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
Adobe Reader Chinese Simplified Fonts
Advanced SystemCare 3
Alien Skin Snap Art
AM-DeadLink
ArtRage 2
ASUS Probe V2.24.09
ASUSDVD
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
Better Homes and Gardens Home Designer Suite 6.0
Canon iP4200
Canon MP Navigator 2.0
Canon MP150
Canon Setup Utility 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CD-LabelPrint
CD Stomper 32 bit
CEP - Color Enable Package
Compatibility Pack for the 2007 Office system
Corel Paint Shop Pro X
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
DiMAGE Scan Dual4 ver.1.0
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy-WebPrint
ERUNT 1.1j
Eye Candy 3
Fashion Solitaire
Fishdom
FixerBundle
Focus Magic 3.02
forteManager
Free CD to MP3 Converter
Free Notes 3.02
GTOneCare
Harry's Filters 3.01
Hello (remove only)
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iPod for Windows 2005-09-23
iPod for Windows 2006-06-28
iTunes
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album 5
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Legacy 7.0
Legacy Charting 7.0
LightScribe 1.4.39.1
Livestation
LiveUpdate Notice (Symantec Corporation)
Luxor 2
Mah Jong Quest II™
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing 17
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Protection Service
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Live OneCare Resources v2.5.2900.20
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.5.2900.20
Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
MoRUN.net Sticker
MotionDV STUDIO 5.1E LE for DV
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MyHeritage Family Tree Builder
Nero Suite
Nikon Message Center
OGA Notifier 1.7.0105.35.0
OLYMPUS CAMEDIA Master 4.2
OmniPage SE 2.0
Opanda IExif 2.3
OpenAL
PartitionMagic
PhotoFilter 1.0
PictureProject
PowerQuest PartitionMagic 8.0
PX Engine
Quicken 2002 Personal Plus SE
QuickTime
RawShooter essentials 2005
RealPlayer
Realtek AC'97 Audio
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem ^^
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
SD Viewer for DV
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Shadow Illuminator Home
SimCity 4
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Symantec KB-DocID:2003093015493306
The Font Thing
The Sims 2
The Sims 2 Open For Business
The Sims 2 Pets
The Sims Makin' Magic
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
ThreatExpert Memory Scanner 1.0
Topaz Adjust
Tradewinds Caravans™
Uninstall DreamSuite Bonus
Uninstall MysticalTTC
Uninstall MysticalTTCDEMO
Unlocker 1.8.7
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Video Stream Driver for Panasonic DVC
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live OneCare
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Wisdom-soft ScreenHunter 4.0 Free
X-Lite 3.0

==== Event Viewer Messages From Past Week ========

10/03/2009 2:45:17 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
12/03/2009 3:30:00 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:JS/Xilos&threatid=2147596274 Scan ID: {1B7CB19D-7D4D-4DD8-9DF9-9E801F88FC5C} User: CAROLYN-212D4EF\Carolyn Stewart Name: Virus:JS/Xilos ID: 2147596274 Severity: Severe Category: Virus Path: file:\\?\C:\Documents and Settings\Carolyn Stewart\Local Settings\Temporary Internet Files\Content.IE5\F3Y91CDL\clicksagent2[1].htm Alert Type: Action: Clean Error Code: 0x80508017 Error description: Some actions couldn't be applied to potentially harmful items. The items might be stored in a read-only location. Delete the files or folders that contains the items or, for information on removing read-only permissions from files and folders, see Help and Support.
12/03/2009 3:30:12 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {441C32AC-52A2-470D-9E79-61284676CF1E} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
12/03/2009 3:46:34 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {7395AEA1-82D1-42B9-8452-C1D271665761} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
12/03/2009 3:51:14 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {6888D1E8-6E04-4E81-BCD0-836F48BE10D6} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
12/03/2009 4:26:44 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
12/03/2009 5:29:00 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {205C679E-E402-4B49-BB76-D1AD502AC09A} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
12/03/2009 6:05:36 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {8C14249C-C284-46D5-B9DE-123937980CE7} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
12/03/2009 8:40:26 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {EA20026A-2332-4156-BC91-81F96E6BD772} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 6:01:49 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {DC8E1E66-60B5-45AF-963C-5B71D8CC41FB} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 6:08:46 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {1DC0BE5C-F73E-4F9D-A69B-1A6094F401E9} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 7:41:33 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {7A9DB99F-349A-4DB4-8B1C-D9A8B383BA76} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 8:43:02 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {8515DEE7-C581-43A9-A3A1-64ED2C92B453} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 10:03:57 AM, error: Print [19] - Sharing printer failed + 1722, Printer Canon iP4200 share name Canon iP4200.
13/03/2009 10:06:46 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {82C622C9-EE19-43E7-9365-00930D3B1398} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 12:22:04 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {49368223-B042-44C9-96C9-B4929079EC27} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 12:30:55 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {D47FC076-D9A2-44C9-B812-1617DA14B878} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 12:55:59 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {202EA27B-5334-4EDD-A54C-06A2E2FD37BD} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 2:21:25 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {968B8E82-847B-45B9-B603-2A54BD718081} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 4:44:04 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {2AD36B72-A529-4F78-B727-309D01008B20} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 4:45:27 PM, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort2.
13/03/2009 5:00:51 PM, error: MSFWDrv [9] - The device, , did not respond within the timeout period.
13/03/2009 5:18:25 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {21F42A91-11DC-4ADB-8B21-D0070B98E54C} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 7:01:55 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {98E0F733-2E49-48DF-8CCC-EC60C4D2A908} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 7:47:07 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {7C47596B-6CFF-4062-B931-A3F675EFB5E7} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 8:39:53 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {A534B4B8-554E-44B8-A59D-3E7471611A2C} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 5:53:31 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {801C533E-5DA1-484E-B85F-8D8DDFCFF4F6} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 6:05:54 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {81A95EA5-F32C-4B52-93A4-4BC383ED28F5} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 6:50:44 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {50EBACE5-9207-4860-842D-7745B6569812} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 6:51:37 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {D6D3063B-B7F1-4686-AB74-90180373E881} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 7:08:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The MSFWDrv service depends on the IP Traffic Filter Driver service which failed to start because of the following error: The dependency service or group failed to start.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The OneCare Firewall service depends on the MSFWDrv service which failed to start because of the following error: The dependency service or group failed to start.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aslm75 avgio avipbb eeCtrl Fips intelppm IPSec MRxSmb MSFWHLPR NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip WS2IFSL
14/03/2009 7:08:59 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
14/03/2009 7:15:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
14/03/2009 7:23:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
14/03/2009 10:23:34 AM, error: Print [19] - Sharing printer failed + 1722, Printer Canon MP150 Series Printer share name Canon MP150 Series Printer.
14/03/2009 10:25:50 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {C70714E6-B720-408C-A7E3-41895AA639C8} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 3:01:15 PM, error: OneCareMP [1008] - Windows OneCare Live has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {251EE402-E2C0-42A5-99B1-0AAE58351132} Scan Type: AntiMalware User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 4:20:35 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {821E08CF-D5CD-4905-9794-E41DBB8D785B} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 4:42:31 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {E0E5832C-A46F-46BF-BAEE-1C1071F25DEB} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 6:57:04 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {7A63454D-5A25-4091-A15A-673FCB322097} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
15/03/2009 1:06:52 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer SONIA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{35C52376-D70E-45AA-. The master browser is stopping or an election is being forced.
14/03/2009 6:07:45 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file userinit.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.

==== End Of File ===========================
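The Event Viewer section of the log above repeats one OneCareMP detection many times, which makes the pattern hard to read by eye. As an added example (not part of the thread and not output of DDS), this Python script tallies such lines per threat and reports how often a detection recurs. The function names, the "recurring" threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the "Event Viewer Messages" section above.
# Host/user, paths and timestamps are placeholders; threat names and error codes
# are the ones that appear in the posted log. Messages are abridged.
SAMPLE = r"""
12/03/2009 3:30:00 PM, error: OneCareMP [3006] - (abridged) User: HOST\user Name: Virus:JS/Xilos ID: 2147596274 Severity: Severe Category: Virus Path: file:\\?\C:\example\page[1].htm Alert Type: Action: Clean Error Code: 0x80508017 Error description: Some actions couldn't be applied.
12/03/2009 3:30:12 PM, error: OneCareMP [3006] - (abridged) User: HOST\user Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: restart the computer.
12/03/2009 4:00:12 PM, error: OneCareMP [3006] - (abridged) User: HOST\user Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: restart the computer.
12/03/2009 4:26:44 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
12/03/2009 4:30:12 PM, error: OneCareMP [3006] - (abridged) User: HOST\user Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: restart the computer.
13/03/2009 6:01:49 AM, error: OneCareMP [3006] - (abridged) User: HOST\user Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: restart the computer.
14/03/2009 6:07:45 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file userinit.exe. This file was restored to the original version.
==== End Of File ====
"""

# "<dd/mm/yyyy h:mm:ss AM|PM>, <level>: <source> [<event id>] - <message>"
HEADER = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (\w+): (.+?) \[(\d+)\] - (.*)$")
# Fields of a flattened OneCareMP detection message.
DETECT = re.compile(
    r"Name: (?P<threat>\S+) ID: (?P<tid>\d+) .*?"
    r"Action: (?P<action>\w+) Error Code: (?P<code>0x[0-9A-Fa-f]+)")
WFP = re.compile(r"protected system file (\S+)")


def parse_event(line):
    """Split one log line into its header fields; None if it is not an event."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    ts, level, source, event_id, message = m.groups()
    return {"time": datetime.strptime(ts, "%d/%m/%Y %I:%M:%S %p"),
            "level": level, "source": source, "id": int(event_id),
            "message": message}


def triage(text):
    """Group antivirus detections by threat and collect file-protection events."""
    detections = defaultdict(list)
    wfp_restored, unparsed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev is None:
            unparsed += 1
            continue
        hit = DETECT.search(ev["message"])
        if ev["source"] == "OneCareMP" and hit:
            detections[hit["threat"]].append(
                (ev["time"], hit["action"], hit["code"]))
        elif ev["source"] == "Windows File Protection":
            f = WFP.search(ev["message"])
            if f:
                wfp_restored.append(f.group(1).rstrip("."))
    threats = {}
    for threat, hits in detections.items():
        hits.sort()
        times = [h[0] for h in hits]
        gaps = sorted((b - a).total_seconds() / 60
                      for a, b in zip(times, times[1:]))
        days = len({t.date() for t in times})
        threats[threat] = {
            "count": len(hits), "first": times[0], "last": times[-1],
            "days": days,
            "actions": sorted({h[1] for h in hits}),
            "codes": sorted({h[2] for h in hits}),
            "median_gap_min": gaps[len(gaps) // 2] if gaps else None,
            # Assumed heuristic: the same threat seen 3+ times, or on 2+ days,
            # means the reported removal is not sticking.
            "recurring": len(hits) >= 3 or days >= 2,
        }
    return {"threats": threats, "wfp_restored": wfp_restored,
            "unparsed": unparsed}


if __name__ == "__main__":
    result = triage(SAMPLE)
    for name, info in result["threats"].items():
        print(name, info["count"], info["actions"], info["codes"],
              info["median_gap_min"], "recurring" if info["recurring"] else "")
    print("protected files restored:", result["wfp_restored"])
```

A threat flagged as recurring with the same action and error code each time is one the scanner keeps finding again after reporting it handled, which is the pattern visible in the log above.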

Amson
2009-03-16, 08:38
Computer now seems to be running like a dream. I was also able to end process of adaware and delete the application which previously had been locked. What a change!! Also no strange files in temp or icons on desktop. Do the logs look OK??

Blade81
2009-03-16, 16:16
Hi

Looks better but there're still some steps left to be taken :)


You seem to have two antivirus programs there: Antivir and Windows Live OneCare antivirus component. Having more than one enabled at the same time may cause odd symptoms.




Open notepad and copy/paste the text in the quotebox below into it:



File::
C:\23990098.$$$
c:\windows\system32\stu2.exe

DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Having all browser windows (this one included) closed and referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one here (http://www.filehippo.com/download_adobe_reader/) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader!


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 12 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif). If you get a message that the latest Java must be installed, "enable" the Java add-ons in IE7. Do that using "manage add-ons" from the IE7 toolbar.


Post back its report, a fresh dds log and above mentioned ComboFix resultant log.
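
The version check behind the Java advice in the post above, as an added example (not part of the original post, and not code from any tool named in this thread): it scans HijackThis/DDS-style log lines for Java plug-in .cab names and Java install directories and flags every version older than JRE 6 Update 12, the release the post points to. The sample lines are copied from the logs posted in this thread; the function names and the BASELINE constant are assumptions of the example.

```python
import re

# Baseline from the post above: JRE 6 Update 12, as (major, minor, patch, update).
# The constant name is an assumption of this example.
BASELINE = (1, 6, 0, 12)

# Sample lines copied from the HijackThis/DDS logs posted in this thread.
SAMPLE_LOG = r"""
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe"
DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
""".strip()

# ActiveX download source, e.g. jinstall-1_6_0_05-windows-i586.cab
CAB_RE = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)", re.IGNORECASE)
# Install directory, e.g. \jre1.6.0_05\ (older releases used \j2re1.4.2_NN\)
DIR_RE = re.compile(r"\\j2?re(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)
# Log entry prefix such as "DPF", "BHO", "mRun"; bare process paths have none.
PREFIX_RE = re.compile(r"([A-Za-z]+): ")


def find_java_versions(log_text):
    """Map each Java version seen in the log to the lines that reference it."""
    found = {}
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        prefix_match = PREFIX_RE.match(line)
        prefix = prefix_match.group(1) if prefix_match else "path"
        for kind, pattern in (("cab", CAB_RE), ("dir", DIR_RE)):
            for m in pattern.finditer(line):
                # A missing update number (plain "jre1.6.0") counts as update 0.
                version = tuple(int(g or 0) for g in m.groups())
                found.setdefault(version, []).append((lineno, prefix, kind))
    return found


def format_version(version):
    """Render (1, 6, 0, 5) the way Sun wrote it: 1.6.0_05."""
    major, minor, patch, update = version
    return f"{major}.{minor}.{patch}_{update:02d}"


def outdated_versions(log_text, baseline=BASELINE):
    """Return every referenced Java version older than the baseline, oldest first."""
    return sorted(v for v in find_java_versions(log_text) if v < baseline)


def report(log_text, baseline=BASELINE):
    """One summary line per version: status, reference count, entry types."""
    lines = []
    for version, refs in sorted(find_java_versions(log_text).items()):
        status = "OUTDATED" if version < baseline else "ok"
        entry_types = sorted({f"{prefix}/{kind}" for _, prefix, kind in refs})
        lines.append(
            f"{format_version(version)}  {status:8}  "
            f"{len(refs)} reference(s): {', '.join(entry_types)}"
        )
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

A version that still shows up only as a DPF entry after the uninstall steps is a leftover plug-in registration rather than an installed runtime, which is why the report lists the entry types beside each version.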

Amson
2009-03-17, 09:19
Thanks for the advice. I have now finally completed everything but last scan still had trojans to delete. Guess no online shopping tonight....

I had 2 virus scanners but only one was ever enabled at one time. Antiviro helped in picking up a few problems last week but I have now uninstalled this but will probably install again when problems resolved.

Here is the first log from Combofix:

ComboFix 09-03-15.01 - Carolyn Stewart 2009-03-17 6:04:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1488 [GMT 10:00]
Running from: c:\documents and settings\Carolyn Stewart\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Carolyn Stewart\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
AV: Windows Live OneCare *On-access scanning disabled* (Updated)
FW: Windows Live OneCare Firewall *disabled*
* Created a new restore point

FILE ::
C:\23990098.$$$
c:\windows\system32\stu2.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\23990098.$$$
c:\windows\system32\stu2.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-16 to 2009-03-16 )))))))))))))))))))))))))))))))
.

2009-03-13 19:58 . 2009-03-13 19:58 <DIR> d-------- c:\program files\Trend Micro
2009-03-13 19:56 . 2009-03-13 19:57 <DIR> d-------- c:\program files\ERUNT
2009-03-13 16:42 . 2009-03-15 08:06 <DIR> d-------- c:\program files\Unlocker
2009-03-13 16:42 . 2009-03-13 23:06 <DIR> d-------- c:\documents and settings\Carolyn Stewart\Application Data\Desktopicon
2009-03-13 14:07 . 2009-03-13 14:07 <DIR> d-------- c:\program files\Avira
2009-03-13 14:07 . 2009-03-13 14:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-13 13:20 . 2009-03-13 13:19 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-03-13 13:19 . 2009-03-13 13:46 <DIR> d-------- c:\documents and settings\Carolyn Stewart\.housecall6.6
2009-03-13 09:10 . 2009-03-13 10:10 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-13 08:14 . 2009-03-15 09:12 <DIR> d-------- c:\program files\ThreatExpert Memory Scanner
2009-03-12 19:00 . 2009-03-12 19:00 <DIR> d-------- c:\program files\Common Files\MicroWorld
2009-03-12 19:00 . 2009-03-12 19:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\MicroWorld
2009-03-12 19:00 . 2008-04-14 10:12 146,432 --a------ c:\windows\R.COM
2009-03-12 19:00 . 2008-04-14 10:12 135,680 --a------ c:\windows\system32\T.COM
2009-03-12 19:00 . 2009-03-12 19:00 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-03-12 19:00 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-03-12 19:00 . 2009-03-13 12:38 28 --a------ c:\windows\Lic.xxx
2009-02-26 10:37 . 2009-02-26 10:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-24 19:31 . 2009-02-24 19:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-24 19:31 . 2009-02-24 19:31 <DIR> d-------- c:\documents and settings\Carolyn Stewart\Application Data\Malwarebytes
2009-02-24 19:31 . 2009-02-24 19:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-24 19:31 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 19:31 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-23 08:35 . 2009-02-23 08:35 552 --a------ c:\windows\system32\DO_NOT_DELETE.backupSetID

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 10:32 --------- d-----w c:\program files\Microsoft Windows OneCare Live
2009-03-16 07:17 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-16 06:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-16 06:19 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-12 23:11 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-22 00:54 --------- d-----w c:\documents and settings\Carolyn Stewart\Application Data\Canon
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-01 05:37 --------- d-----w c:\documents and settings\Carolyn Stewart\Application Data\U3
2009-01-20 20:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-20 20:10 --------- d-----w c:\program files\LG Soft India
2008-12-31 07:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
2008-12-31 07:04 528,744 ----a-w c:\windows\system32\OGAVerify.exe
2008-12-31 07:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 23:49 0 ----a-w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2006-05-14 00:39 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLea.DAT
2002-07-28 13:40 1,059,840 ----a-w c:\program files\DS_Bonus_Plugin.8bf
2008-12-12 04:11 2,932 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-05-28 20:43 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052920080530\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-16_ 7.29.59.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 02:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\17-03-2009\ERDNT.EXE
+ 2009-03-16 19:43:42 25,079,808 ----a-w c:\windows\ERDNT\AutoBackup\17-03-2009\Users\00000001\ntuser.dat
+ 2009-03-16 19:43:42 385,024 ----a-w c:\windows\ERDNT\AutoBackup\17-03-2009\Users\00000002\UsrClass.dat
+ 2009-03-16 19:44:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_164.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="d:\other program files\Super\SUPERAntiSpyware.exe" [2009-02-25 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-11-05 64880]
"ASUS Probe"="c:\program files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 617984]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-27 185872]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Carolyn Stewart\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2009-01-21 1126400]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\other program files\Super\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-13 13:19 356352 d:\other program files\Super\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.DVSD"= pdvcodec.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\I:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hello\\Hello.exe"=

R1 SASDIFSV;SASDIFSV;d:\other program files\Super\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;d:\other program files\Super\SASKUTIL.SYS [2008-11-17 55024]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-11-05 25968]
R3 SASENUM;SASENUM;d:\other program files\Super\SASENUM.SYS [2008-11-17 7408]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2009-01-21 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2009-01-21 13312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-15 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-03-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-03-16 c:\windows\Tasks\User_Feed_Synchronization-{E7292A15-726E-430D-8D05-D1A95914E21E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://au.my.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: virginmobile.com.au\www
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 06:06:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-1801674531-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
d:\other program files\Super\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-17 6:08:35
ComboFix-quarantined-files.txt 2009-03-16 20:08:33
ComboFix2.txt 2009-03-15 21:32:26

Pre-Run: 8,147,165,184 bytes free
Post-Run: 8,135,393,280 bytes free

172 --- E O F --- 2009-03-16 11:21:47

Amson
2009-03-17, 09:24
I was unable to scan online with Kaspersky as my internet connection is not that brilliant and I have so many drives. I downloaded the trial version and uninstalled other virus scanners and scanned. I can't find out how to print a consolidated report but problems were found as follows:

Detected
--------
Status Object
------ ------
quarantined: virus Heur.Invader (modification) File: c:\documents and settings\carolyn stewart\desktop\combofix.exe//PE_Patch.UPX/32788R22FWJFW\catchme.cfexe//PE_Patch.UPX
quarantined: virus Heur.Invader (modification) File: C:\System Volume Information\_restore{22BAC084-4C30-421C-82B5-124863A3BC71}\RP1148\A0170503.exe//PE_Patch.UPX/32788R22FWJFW\catchme.cfexe//PE_Patch.UPX
quarantined: virus Heur.Invader (modification) File: C:\System Volume Information\_restore{22BAC084-4C30-421C-82B5-124863A3BC71}\RP1157\A0171196.exe//PE_Patch.UPX/32788R22FWJFW\catchme.cfexe//PE_Patch.UPX
quarantined: Trojan program Trojan-Spy.HTML.Fraud.gen (modification) Email message: Outlook\Personal Folders\Top of Personal Folders\Inbox\Carolyn\[From:PayPal][Subject:Message has a suspicious part : New email address added to your PayPal account][Time:2004/12/17 06:32:31]/HTMLBody

These have now been deleted. Scan took over 2 hours and seems that all files were checked.

I then ran DDS and here are the logs:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Carolyn Stewart at 13:33:09.31 on Tue 17/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2047.1436 [GMT 10:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated)
AV: Windows Live OneCare *On-access scanning disabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Other Program Files\Super\SUPERAntiSpyware.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Carolyn Stewart\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://au.my.yahoo.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - d:\other program files\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] d:\other program files\super\SUPERAntiSpyware.exe
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [ASUS Probe] c:\program files\asus\asus probe\AsusProb.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\caroly~1\startm~1\programs\startup\erunt autobackup.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\fortem~1.lnk - c:\program files\lg soft india\fortemanager\bin\Monitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 7.0\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - c:\program files\hello\PicasaCapture.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
Trusted Zone: virginmobile.com.au\www
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.4.4.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - d:\other program files\super\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\other program files\super\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-10-31 112144]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-12-28 195344]
R1 SASDIFSV;SASDIFSV;d:\other program files\super\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;d:\other program files\super\SASKUTIL.SYS [2008-11-17 55024]
R2 AVP;Kaspersky Anti-Virus 7.0;c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe [2008-2-8 227856]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2008-11-5 25968]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-26 1174152]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
R3 SASENUM;SASENUM;d:\other program files\super\SASENUM.SYS [2008-11-17 7408]
S3 LGDDCDevice;LGDDCDevice;c:\program files\lg soft india\fortemanager\bin\I2CDriver.sys [2009-1-21 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\lg soft india\fortemanager\bin\PII2CDriver.sys [2009-1-21 13312]

=============== Created Last 30 ================

2009-03-17 09:01 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-03-17 09:01 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-03-17 09:01 11,502,880 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-03-17 09:01 166,472 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-03-17 09:01 6,432 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-03-17 09:01 1,508 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-03-17 09:01 <DIR> --d----- c:\program files\Kaspersky Lab
2009-03-17 09:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-03-17 08:53 <DIR> --d----- C:\kav
2009-03-17 06:03 <DIR> --d----- C:\ComboFix
2009-03-16 07:25 <DIR> a-dshr-- C:\cmdcons
2009-03-16 07:23 161,792 a------- c:\windows\SWREG.exe
2009-03-16 07:23 98,816 a------- c:\windows\sed.exe
2009-03-14 07:01 <DIR> --d----- c:\windows\pss
2009-03-13 19:58 <DIR> --d----- c:\program files\Trend Micro
2009-03-13 16:42 <DIR> --d----- c:\docume~1\caroly~1\applic~1\Desktopicon
2009-03-13 16:42 <DIR> --d----- c:\program files\Unlocker
2009-03-13 13:20 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-13 13:19 <DIR> --d----- c:\documents and settings\carolyn stewart\.housecall6.6
2009-03-13 09:10 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-13 08:14 <DIR> --d----- c:\program files\ThreatExpert Memory Scanner
2009-03-12 19:00 28 a------- c:\windows\Lic.xxx
2009-03-12 19:00 28,672 a------- c:\windows\system32\eEmpty.exe
2009-03-12 19:00 522 a------- c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-03-12 19:00 146,432 a------- c:\windows\R.COM
2009-03-12 19:00 135,680 a------- c:\windows\system32\T.COM
2009-03-12 19:00 <DIR> --d----- c:\program files\common files\MicroWorld
2009-03-12 19:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MicroWorld
2009-02-24 19:31 <DIR> --d----- c:\docume~1\caroly~1\applic~1\Malwarebytes
2009-02-24 19:31 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-24 19:31 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 19:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-24 19:31 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-23 08:35 552 a------- c:\windows\system32\DO_NOT_DELETE.backupSetID

==================== Find3M ====================

2009-03-17 11:11 112,144 a------- c:\windows\system32\drivers\kl1.sys
2009-02-09 21:13 1,846,784 a------- c:\windows\system32\win32k.sys
2008-12-31 17:04 691,560 a------- c:\windows\system32\OGACheckControl.dll
2008-12-31 17:04 528,744 a------- c:\windows\system32\OGAVerify.exe
2008-12-31 17:04 502,120 a------- c:\windows\system32\OGAAddin.dll
2008-12-25 10:15 1,882 a------- c:\windows\eReg.dat
2008-12-21 09:15 826,368 a------- c:\windows\system32\wininet.dll
2008-08-15 09:49 0 a------- c:\docume~1\alluse~1\applic~1\PKP_DLbx.DAT
2006-05-14 10:39 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLea.DAT
2002-07-28 23:40 1,059,840 a------- c:\program files\DS_Bonus_Plugin.8bf
2008-12-12 14:11 2,932 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-05-29 06:43 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052920080530\index.dat

============= FINISH: 13:34:26.73 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 28/02/2006 5:23:30 PM
System Uptime: 17/03/2009 1:18:26 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5S800-VM
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3192/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 30 GiB total, 6.911 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 15.83 GiB free.
E: is FIXED (NTFS) - 127 GiB total, 54.16 GiB free.
F: is FIXED (NTFS) - 98 GiB total, 73.087 GiB free.
G: is FIXED (NTFS) - 135 GiB total, 1.761 GiB free.
H: is FIXED (NTFS) - 279 GiB total, 244.994 GiB free.
J: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1054: 7/02/2009 11:53:38 AM - System Checkpoint
RP1055: 7/02/2009 2:44:45 PM - Software Distribution Service 3.0
RP1056: 7/02/2009 9:48:17 PM - Software Distribution Service 3.0
RP1057: 8/02/2009 9:15:28 PM - Software Distribution Service 3.0
RP1058: 9/02/2009 9:35:00 PM - Software Distribution Service 3.0
RP1059: 10/02/2009 11:59:39 AM - Software Distribution Service 3.0
RP1060: 10/02/2009 10:30:44 PM - Software Distribution Service 3.0
RP1061: 12/02/2009 6:18:15 AM - Software Distribution Service 3.0
RP1062: 12/02/2009 9:43:51 PM - Software Distribution Service 3.0
RP1063: 13/02/2009 8:53:37 PM - Software Distribution Service 3.0
RP1064: 14/02/2009 10:12:33 PM - Software Distribution Service 3.0
RP1065: 15/02/2009 8:58:36 PM - Software Distribution Service 3.0
RP1066: 16/02/2009 7:45:43 AM - Software Distribution Service 3.0
RP1067: 16/02/2009 2:34:53 PM - Software Distribution Service 3.0
RP1068: 16/02/2009 9:36:37 PM - Software Distribution Service 3.0
RP1069: 17/02/2009 2:20:31 PM - Software Distribution Service 3.0
RP1070: 17/02/2009 8:55:48 PM - Software Distribution Service 3.0
RP1071: 18/02/2009 9:23:31 AM - Software Distribution Service 3.0
RP1072: 18/02/2009 5:56:33 PM - Software Distribution Service 3.0
RP1073: 18/02/2009 9:04:42 PM - Software Distribution Service 3.0
RP1074: 19/02/2009 12:29:48 PM - Software Distribution Service 3.0
RP1075: 19/02/2009 8:26:24 PM - Software Distribution Service 3.0
RP1076: 20/02/2009 2:36:40 PM - Software Distribution Service 3.0
RP1077: 20/02/2009 9:50:21 PM - Software Distribution Service 3.0
RP1078: 21/02/2009 9:49:56 AM - Software Distribution Service 3.0
RP1079: 21/02/2009 11:26:24 PM - Software Distribution Service 3.0
RP1080: 22/02/2009 6:07:04 PM - Software Distribution Service 3.0
RP1081: 22/02/2009 10:29:39 PM - Software Distribution Service 3.0
RP1082: 23/02/2009 11:28:39 AM - Software Distribution Service 3.0
RP1083: 23/02/2009 9:29:34 PM - Software Distribution Service 3.0
RP1084: 24/02/2009 12:06:00 PM - Software Distribution Service 3.0
RP1085: 24/02/2009 9:08:26 PM - Software Distribution Service 3.0
RP1086: 25/02/2009 11:01:30 AM - Software Distribution Service 3.0
RP1087: 25/02/2009 9:28:54 PM - Software Distribution Service 3.0
RP1088: 26/02/2009 6:14:40 AM - Software Distribution Service 3.0
RP1089: 26/02/2009 7:58:59 PM - Software Distribution Service 3.0
RP1090: 27/02/2009 8:00:01 PM - Software Distribution Service 3.0
RP1091: 27/02/2009 9:47:48 PM - Software Distribution Service 3.0
RP1092: 28/02/2009 9:44:26 PM - Software Distribution Service 3.0
RP1093: 1/03/2009 9:38:18 PM - Software Distribution Service 3.0
RP1094: 2/03/2009 9:35:49 PM - Software Distribution Service 3.0
RP1095: 3/03/2009 1:08:15 PM - Software Distribution Service 3.0
RP1096: 3/03/2009 9:23:22 PM - Software Distribution Service 3.0
RP1097: 4/03/2009 9:42:48 PM - Software Distribution Service 3.0
RP1098: 5/03/2009 10:02:31 PM - Software Distribution Service 3.0
RP1099: 6/03/2009 3:48:57 PM - Software Distribution Service 3.0
RP1100: 6/03/2009 9:24:42 PM - Software Distribution Service 3.0
RP1101: 7/03/2009 9:36:15 PM - Software Distribution Service 3.0
RP1102: 8/03/2009 4:16:42 PM - Software Distribution Service 3.0
RP1103: 8/03/2009 9:13:41 PM - Software Distribution Service 3.0
RP1104: 9/03/2009 11:17:12 AM - Software Distribution Service 3.0
RP1105: 9/03/2009 9:59:56 PM - Software Distribution Service 3.0
RP1106: 10/03/2009 11:07:05 AM - Software Distribution Service 3.0
RP1107: 10/03/2009 8:35:41 PM - Software Distribution Service 3.0
RP1108: 10/03/2009 9:19:51 PM - Software Distribution Service 3.0
RP1109: 11/03/2009 9:15:01 PM - Software Distribution Service 3.0
RP1110: 12/03/2009 3:30:00 PM - Microsoft OneCare Protection Checkpoint
RP1111: 12/03/2009 3:33:11 PM - Software Distribution Service 3.0
RP1112: 12/03/2009 3:46:34 PM - Microsoft OneCare Protection Checkpoint
RP1113: 12/03/2009 3:51:14 PM - Microsoft OneCare Protection Checkpoint
RP1114: 12/03/2009 5:29:00 PM - Microsoft OneCare Protection Checkpoint
RP1115: 12/03/2009 5:37:33 PM - Installed Antispyware2008
RP1116: 12/03/2009 6:05:36 PM - Microsoft OneCare Protection Checkpoint
RP1117: 12/03/2009 8:25:22 PM - Software Distribution Service 3.0
RP1118: 12/03/2009 8:40:26 PM - Microsoft OneCare Protection Checkpoint
RP1119: 12/03/2009 9:13:03 PM - Software Distribution Service 3.0
RP1120: 13/03/2009 6:01:49 AM - Microsoft OneCare Protection Checkpoint
RP1121: 13/03/2009 6:08:46 AM - Microsoft OneCare Protection Checkpoint
RP1122: 13/03/2009 7:41:33 AM - Microsoft OneCare Protection Checkpoint
RP1123: 13/03/2009 9:19:44 AM - Removed Ad-Aware
RP1124: 13/03/2009 9:33:11 AM - Removed Ad-Aware
RP1125: 13/03/2009 9:57:55 AM - Removed Ad-Aware
RP1126: 13/03/2009 10:06:46 AM - Microsoft OneCare Protection Checkpoint
RP1127: 13/03/2009 11:59:40 AM - Removed Ad-Aware
RP1128: 13/03/2009 12:30:55 PM - Microsoft OneCare Protection Checkpoint
RP1129: 13/03/2009 12:55:59 PM - Microsoft OneCare Protection Checkpoint
RP1130: 13/03/2009 2:06:47 PM - Avira AntiVir Personal - 13/03/2009 14:06
RP1131: 13/03/2009 5:09:00 PM - Software Distribution Service 3.0
RP1132: 13/03/2009 5:18:25 PM - Microsoft OneCare Protection Checkpoint
RP1133: 13/03/2009 5:46:20 PM - Removed Ad-Aware
RP1134: 13/03/2009 7:47:06 PM - Microsoft OneCare Protection Checkpoint
RP1135: 13/03/2009 11:14:37 PM - Software Distribution Service 3.0
RP1136: 14/03/2009 5:53:31 AM - Microsoft OneCare Protection Checkpoint
RP1137: 14/03/2009 6:30:42 AM - Software Distribution Service 3.0
RP1138: 14/03/2009 6:50:44 AM - Microsoft OneCare Protection Checkpoint
RP1139: 14/03/2009 9:34:01 AM - Software Distribution Service 3.0
RP1140: 14/03/2009 10:25:49 AM - Microsoft OneCare Protection Checkpoint
RP1141: 14/03/2009 9:12:25 PM - Software Distribution Service 3.0
RP1142: 15/03/2009 10:50:18 AM - Removed Ad-Aware
RP1143: 15/03/2009 10:25:45 PM - Software Distribution Service 3.0
RP1144: 16/03/2009 7:24:05 AM - ComboFix created restore point
RP1145: 16/03/2009 10:12:31 AM - Software Distribution Service 3.0
RP1146: 16/03/2009 4:19:55 PM - Removed Ad-Aware
RP1147: 16/03/2009 5:49:50 PM - Software Distribution Service 3.0
RP1148: 16/03/2009 9:21:17 PM - Software Distribution Service 3.0
RP1149: 17/03/2009 6:04:15 AM - ComboFix created restore point
RP1150: 17/03/2009 6:14:01 AM - Removed Adobe Reader 7.1.0
RP1151: 17/03/2009 6:15:55 AM - Removed Adobe Reader Chinese Simplified Fonts
RP1152: 17/03/2009 6:28:54 AM - Installed Adobe Reader 9.1.
RP1153: 17/03/2009 6:34:21 AM - Removed J2SE Runtime Environment 5.0 Update 5
RP1154: 17/03/2009 6:34:49 AM - Removed J2SE Runtime Environment 5.0 Update 6
RP1155: 17/03/2009 6:35:20 AM - Removed J2SE Runtime Environment 5.0 Update 9
RP1156: 17/03/2009 8:54:41 AM - Avira AntiVir Personal - 17/03/2009 8:54
RP1157: 17/03/2009 9:00:58 AM - Installed Kaspersky Anti-Virus 7.0.

==== Installed Programs ======================


abrViewer.NET 1.0.1
ACDSee 9 Photo Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Advanced SystemCare 3
Alien Skin Snap Art
AM-DeadLink
ArtRage 2
ASUS Probe V2.24.09
ASUSDVD
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Better Homes and Gardens Home Designer Suite 6.0
Canon iP4200
Canon MP Navigator 2.0
Canon MP150
Canon Setup Utility 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CD-LabelPrint
CD Stomper 32 bit
CEP - Color Enable Package
Compatibility Pack for the 2007 Office system
Corel Paint Shop Pro X
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
DiMAGE Scan Dual4 ver.1.0
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy-WebPrint
ERUNT 1.1j
Eye Candy 3
Fashion Solitaire
Fishdom
FixerBundle
Focus Magic 3.02
forteManager
Free CD to MP3 Converter
Free Notes 3.02
GTOneCare
Harry's Filters 3.01
Hello (remove only)
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iPod for Windows 2005-09-23
iPod for Windows 2006-06-28
iTunes
Jasc Paint Shop Photo Album 5
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Kaspersky Anti-Virus 7.0
Legacy 7.0
Legacy Charting 7.0
LightScribe 1.4.39.1
Livestation
LiveUpdate Notice (Symantec Corporation)
Luxor 2
Mah Jong Quest II™
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing 17
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Protection Service
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Live OneCare Resources v2.5.2900.20
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.5.2900.20
Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
MoRUN.net Sticker
MotionDV STUDIO 5.1E LE for DV
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MyHeritage Family Tree Builder
Nero Suite
Nikon Message Center
OGA Notifier 1.7.0105.35.0
OLYMPUS CAMEDIA Master 4.2
OmniPage SE 2.0
Opanda IExif 2.3
OpenAL
PartitionMagic
PhotoFilter 1.0
PictureProject
PowerQuest PartitionMagic 8.0
PX Engine
Quicken 2002 Personal Plus SE
QuickTime
RawShooter essentials 2005
RealPlayer
Realtek AC'97 Audio
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem ^^
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
SD Viewer for DV
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Shadow Illuminator Home
SimCity 4
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Symantec KB-DocID:2003093015493306
The Font Thing
The Sims 2
The Sims 2 Open For Business
The Sims 2 Pets
The Sims Makin' Magic
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
ThreatExpert Memory Scanner 1.0
Topaz Adjust
Tradewinds Caravans™
Uninstall DreamSuite Bonus
Uninstall MysticalTTC
Uninstall MysticalTTCDEMO
Unlocker 1.8.7
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Video Stream Driver for Panasonic DVC
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live OneCare
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Wisdom-soft ScreenHunter 4.0 Free
X-Lite 3.0

==== Event Viewer Messages From Past Week ========

12/03/2009 6:05:36 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {8C14249C-C284-46D5-B9DE-123937980CE7} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
12/03/2009 5:29:00 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {205C679E-E402-4B49-BB76-D1AD502AC09A} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
12/03/2009 4:28:14 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
12/03/2009 4:26:44 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
12/03/2009 3:51:14 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {6888D1E8-6E04-4E81-BCD0-836F48BE10D6} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
12/03/2009 3:46:34 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {7395AEA1-82D1-42B9-8452-C1D271665761} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
12/03/2009 3:30:12 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {441C32AC-52A2-470D-9E79-61284676CF1E} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
12/03/2009 3:30:00 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:JS/Xilos&threatid=2147596274 Scan ID: {1B7CB19D-7D4D-4DD8-9DF9-9E801F88FC5C} User: CAROLYN-212D4EF\Carolyn Stewart Name: Virus:JS/Xilos ID: 2147596274 Severity: Severe Category: Virus Path: file:\\?\C:\Documents and Settings\Carolyn Stewart\Local Settings\Temporary Internet Files\Content.IE5\F3Y91CDL\clicksagent2[1].htm Alert Type: Action: Clean Error Code: 0x80508017 Error description: Some actions couldn't be applied to potentially harmful items. The items might be stored in a read-only location. Delete the files or folders that contains the items or, for information on removing read-only permissions from files and folders, see Help and Support.
12/03/2009 8:40:26 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {EA20026A-2332-4156-BC91-81F96E6BD772} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 6:01:49 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {DC8E1E66-60B5-45AF-963C-5B71D8CC41FB} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 6:08:46 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {1DC0BE5C-F73E-4F9D-A69B-1A6094F401E9} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 7:41:33 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {7A9DB99F-349A-4DB4-8B1C-D9A8B383BA76} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 8:43:02 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {8515DEE7-C581-43A9-A3A1-64ED2C92B453} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 10:03:57 AM, error: Print [19] - Sharing printer failed + 1722, Printer Canon iP4200 share name Canon iP4200.
13/03/2009 10:06:46 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {82C622C9-EE19-43E7-9365-00930D3B1398} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 12:22:04 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {49368223-B042-44C9-96C9-B4929079EC27} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 12:30:55 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {D47FC076-D9A2-44C9-B812-1617DA14B878} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 12:55:59 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {202EA27B-5334-4EDD-A54C-06A2E2FD37BD} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 2:21:25 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {968B8E82-847B-45B9-B603-2A54BD718081} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 4:44:04 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {2AD36B72-A529-4F78-B727-309D01008B20} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 4:45:27 PM, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort2.
13/03/2009 5:00:51 PM, error: MSFWDrv [9] - The device, , did not respond within the timeout period.
13/03/2009 5:18:25 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {21F42A91-11DC-4ADB-8B21-D0070B98E54C} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 7:01:55 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {98E0F733-2E49-48DF-8CCC-EC60C4D2A908} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 7:47:07 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {7C47596B-6CFF-4062-B931-A3F675EFB5E7} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 8:39:53 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {A534B4B8-554E-44B8-A59D-3E7471611A2C} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 5:53:31 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {801C533E-5DA1-484E-B85F-8D8DDFCFF4F6} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 6:05:54 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {81A95EA5-F32C-4B52-93A4-4BC383ED28F5} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 6:50:44 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {50EBACE5-9207-4860-842D-7745B6569812} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 6:51:37 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {D6D3063B-B7F1-4686-AB74-90180373E881} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 7:08:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The MSFWDrv service depends on the IP Traffic Filter Driver service which failed to start because of the following error: The dependency service or group failed to start.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The OneCare Firewall service depends on the MSFWDrv service which failed to start because of the following error: The dependency service or group failed to start.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aslm75 avgio avipbb eeCtrl Fips intelppm IPSec MRxSmb MSFWHLPR NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip WS2IFSL
14/03/2009 7:08:59 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
14/03/2009 7:15:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
14/03/2009 7:23:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
14/03/2009 10:23:34 AM, error: Print [19] - Sharing printer failed + 1722, Printer Canon MP150 Series Printer share name Canon MP150 Series Printer.
14/03/2009 10:25:50 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {C70714E6-B720-408C-A7E3-41895AA639C8} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 3:01:15 PM, error: OneCareMP [1008] - Windows OneCare Live has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {251EE402-E2C0-42A5-99B1-0AAE58351132} Scan Type: AntiMalware User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 4:20:35 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {821E08CF-D5CD-4905-9794-E41DBB8D785B} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 4:42:31 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {E0E5832C-A46F-46BF-BAEE-1C1071F25DEB} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 6:57:04 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {7A63454D-5A25-4091-A15A-673FCB322097} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
15/03/2009 1:06:52 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer SONIA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{35C52376-D70E-45AA-. The master browser is stopping or an election is being forced.
14/03/2009 6:07:45 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file userinit.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.

==== End Of File ===========================


Thanks so much for your help. It is so appreciated!!

Blade81
2009-03-17, 10:25
Hi

First three quarantined items are false positives (related to ComboFix, which is not malicious).

Also, you installed Kaspersky antivirus when you should have installed & run the Kaspersky online scanner. Please uninstall Kaspersky antivirus. Then install and run the online scanner as instructed.

Amson
2009-03-17, 12:12
Thanks for the info and pleased about the false positives. I'll run Kaspersky online scanner tonight overnight and will post result tomorrow if internet connection is OK. Thanks again.

Blade81
2009-03-17, 18:37
Ok. Shall wait for your reply :)

Amson
2009-03-17, 19:15
Have now been able to run online version of Kaspersky.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, March 18, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, March 17, 2009 11:04:39
Records in database: 1920995
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
J:\

Scan statistics:
Files scanned: 282492
Threat name: 1
Infected objects: 0
Suspicious objects: 1
Duration of the scan: 02:23:21


File name / Threat name / Threats count
C:\Documents and Settings\Amson\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1

The selected area was scanned.

Thanks for your help.

Blade81
2009-03-17, 19:48
Hi

Please delete email messages in C:\Documents and Settings\Amson\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst that look suspicious to you (if any).

Also, please uninstall old Javas and install a fresh one from the link I posted a bit earlier.

After that, post dds log and let me know how the system is running.

Amson
2009-03-20, 10:29
Working well for one day and then virus scanner found another trojan yesterday (can't find name in logs??). Seemed to deal with it OK but system slow again now. DDS crashed first run (computer shut down) but OK on second attempt. Here are the logs:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Carolyn Stewart at 18:23:03.14 on Fri 20/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2047.1419 [GMT 10:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Other Program Files\Super\SUPERAntiSpyware.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Carolyn Stewart\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://au.my.yahoo.com/?_sli=1
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - d:\other program files\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] d:\other program files\super\SUPERAntiSpyware.exe
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [ASUS Probe] c:\program files\asus\asus probe\AsusProb.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\caroly~1\startm~1\programs\startup\erunt autobackup.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\fortem~1.lnk - c:\program files\lg soft india\fortemanager\bin\Monitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
Trusted Zone: virginmobile.com.au\www
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.4.4.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - d:\other program files\super\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\other program files\super\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;d:\other program files\super\sasdifsv.sys [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;d:\other program files\super\SASKUTIL.SYS [2008-11-17 55024]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-2-12 26104]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-26 1174152]
R3 SASENUM;SASENUM;d:\other program files\super\SASENUM.SYS [2008-11-17 7408]
S3 LGDDCDevice;LGDDCDevice;c:\program files\lg soft india\fortemanager\bin\I2CDriver.sys [2009-1-21 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\lg soft india\fortemanager\bin\PII2CDriver.sys [2009-1-21 13312]

=============== Created Last 30 ================

2009-03-19 20:54 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-19 20:54 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-17 09:01 <DIR> --d----- c:\program files\Kaspersky Lab
2009-03-17 08:53 <DIR> --d----- C:\kav
2009-03-17 06:03 <DIR> --d----- C:\ComboFix
2009-03-16 07:25 <DIR> a-dshr-- C:\cmdcons
2009-03-16 07:23 161,792 a------- c:\windows\SWREG.exe
2009-03-16 07:23 98,816 a------- c:\windows\sed.exe
2009-03-14 07:01 <DIR> --d----- c:\windows\pss
2009-03-13 19:58 <DIR> --d----- c:\program files\Trend Micro
2009-03-13 16:42 <DIR> --d----- c:\docume~1\caroly~1\applic~1\Desktopicon
2009-03-13 16:42 <DIR> --d----- c:\program files\Unlocker
2009-03-13 13:20 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-13 13:19 <DIR> --d----- c:\documents and settings\carolyn stewart\.housecall6.6
2009-03-13 09:10 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-13 08:14 <DIR> --d----- c:\program files\ThreatExpert Memory Scanner
2009-03-12 19:00 28 a------- c:\windows\Lic.xxx
2009-03-12 19:00 28,672 a------- c:\windows\system32\eEmpty.exe
2009-03-12 19:00 522 a------- c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-03-12 19:00 146,432 a------- c:\windows\R.COM
2009-03-12 19:00 135,680 a------- c:\windows\system32\T.COM
2009-03-12 19:00 <DIR> --d----- c:\program files\common files\MicroWorld
2009-03-12 19:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MicroWorld
2009-02-24 19:31 <DIR> --d----- c:\docume~1\caroly~1\applic~1\Malwarebytes
2009-02-24 19:31 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-24 19:31 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 19:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-24 19:31 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-23 08:35 552 a------- c:\windows\system32\DO_NOT_DELETE.backupSetID

==================== Find3M ====================

2009-02-09 21:13 1,846,784 a------- c:\windows\system32\win32k.sys
2008-12-31 17:04 691,560 a------- c:\windows\system32\OGACheckControl.dll
2008-12-31 17:04 528,744 a------- c:\windows\system32\OGAVerify.exe
2008-12-31 17:04 502,120 a------- c:\windows\system32\OGAAddin.dll
2008-12-25 10:15 1,882 a------- c:\windows\eReg.dat
2008-12-21 09:15 826,368 a------- c:\windows\system32\wininet.dll
2008-08-15 09:49 0 a------- c:\docume~1\alluse~1\applic~1\PKP_DLbx.DAT
2006-05-14 10:39 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLea.DAT
2002-07-28 23:40 1,059,840 a------- c:\program files\DS_Bonus_Plugin.8bf
2008-12-12 14:11 2,932 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-05-29 06:43 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052920080530\index.dat

============= FINISH: 18:23:41.96 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 28/02/2006 5:23:30 PM
System Uptime: 20/03/2009 6:12:57 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5S800-VM
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3192/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 30 GiB total, 7.156 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 15.853 GiB free.
E: is FIXED (NTFS) - 127 GiB total, 53.88 GiB free.
F: is FIXED (NTFS) - 98 GiB total, 73.087 GiB free.
G: is FIXED (NTFS) - 135 GiB total, 1.453 GiB free.
H: is FIXED (NTFS) - 279 GiB total, 244.602 GiB free.
J: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1054: 7/02/2009 11:53:38 AM - System Checkpoint
RP1055: 7/02/2009 2:44:45 PM - Software Distribution Service 3.0
RP1056: 7/02/2009 9:48:17 PM - Software Distribution Service 3.0
RP1057: 8/02/2009 9:15:28 PM - Software Distribution Service 3.0
RP1058: 9/02/2009 9:35:00 PM - Software Distribution Service 3.0
RP1059: 10/02/2009 11:59:39 AM - Software Distribution Service 3.0
RP1060: 10/02/2009 10:30:44 PM - Software Distribution Service 3.0
RP1061: 12/02/2009 6:18:15 AM - Software Distribution Service 3.0
RP1062: 12/02/2009 9:43:51 PM - Software Distribution Service 3.0
RP1063: 13/02/2009 8:53:37 PM - Software Distribution Service 3.0
RP1064: 14/02/2009 10:12:33 PM - Software Distribution Service 3.0
RP1065: 15/02/2009 8:58:36 PM - Software Distribution Service 3.0
RP1066: 16/02/2009 7:45:43 AM - Software Distribution Service 3.0
RP1067: 16/02/2009 2:34:53 PM - Software Distribution Service 3.0
RP1068: 16/02/2009 9:36:37 PM - Software Distribution Service 3.0
RP1069: 17/02/2009 2:20:31 PM - Software Distribution Service 3.0
RP1070: 17/02/2009 8:55:48 PM - Software Distribution Service 3.0
RP1071: 18/02/2009 9:23:31 AM - Software Distribution Service 3.0
RP1072: 18/02/2009 5:56:33 PM - Software Distribution Service 3.0
RP1073: 18/02/2009 9:04:42 PM - Software Distribution Service 3.0
RP1074: 19/02/2009 12:29:48 PM - Software Distribution Service 3.0
RP1075: 19/02/2009 8:26:24 PM - Software Distribution Service 3.0
RP1076: 20/02/2009 2:36:40 PM - Software Distribution Service 3.0
RP1077: 20/02/2009 9:50:21 PM - Software Distribution Service 3.0
RP1078: 21/02/2009 9:49:56 AM - Software Distribution Service 3.0
RP1079: 21/02/2009 11:26:24 PM - Software Distribution Service 3.0
RP1080: 22/02/2009 6:07:04 PM - Software Distribution Service 3.0
RP1081: 22/02/2009 10:29:39 PM - Software Distribution Service 3.0
RP1082: 23/02/2009 11:28:39 AM - Software Distribution Service 3.0
RP1083: 23/02/2009 9:29:34 PM - Software Distribution Service 3.0
RP1084: 24/02/2009 12:06:00 PM - Software Distribution Service 3.0
RP1085: 24/02/2009 9:08:26 PM - Software Distribution Service 3.0
RP1086: 25/02/2009 11:01:30 AM - Software Distribution Service 3.0
RP1087: 25/02/2009 9:28:54 PM - Software Distribution Service 3.0
RP1088: 26/02/2009 6:14:40 AM - Software Distribution Service 3.0
RP1089: 26/02/2009 7:58:59 PM - Software Distribution Service 3.0
RP1090: 27/02/2009 8:00:01 PM - Software Distribution Service 3.0
RP1091: 27/02/2009 9:47:48 PM - Software Distribution Service 3.0
RP1092: 28/02/2009 9:44:26 PM - Software Distribution Service 3.0
RP1093: 1/03/2009 9:38:18 PM - Software Distribution Service 3.0
RP1094: 2/03/2009 9:35:49 PM - Software Distribution Service 3.0
RP1095: 3/03/2009 1:08:15 PM - Software Distribution Service 3.0
RP1096: 3/03/2009 9:23:22 PM - Software Distribution Service 3.0
RP1097: 4/03/2009 9:42:48 PM - Software Distribution Service 3.0
RP1098: 5/03/2009 10:02:31 PM - Software Distribution Service 3.0
RP1099: 6/03/2009 3:48:57 PM - Software Distribution Service 3.0
RP1100: 6/03/2009 9:24:42 PM - Software Distribution Service 3.0
RP1101: 7/03/2009 9:36:15 PM - Software Distribution Service 3.0
RP1102: 8/03/2009 4:16:42 PM - Software Distribution Service 3.0
RP1103: 8/03/2009 9:13:41 PM - Software Distribution Service 3.0
RP1104: 9/03/2009 11:17:12 AM - Software Distribution Service 3.0
RP1105: 9/03/2009 9:59:56 PM - Software Distribution Service 3.0
RP1106: 10/03/2009 11:07:05 AM - Software Distribution Service 3.0
RP1107: 10/03/2009 8:35:41 PM - Software Distribution Service 3.0
RP1108: 10/03/2009 9:19:51 PM - Software Distribution Service 3.0
RP1109: 11/03/2009 9:15:01 PM - Software Distribution Service 3.0
RP1110: 12/03/2009 3:30:00 PM - Microsoft OneCare Protection Checkpoint
RP1111: 12/03/2009 3:33:11 PM - Software Distribution Service 3.0
RP1112: 12/03/2009 3:46:34 PM - Microsoft OneCare Protection Checkpoint
RP1113: 12/03/2009 3:51:14 PM - Microsoft OneCare Protection Checkpoint
RP1114: 12/03/2009 5:29:00 PM - Microsoft OneCare Protection Checkpoint
RP1115: 12/03/2009 5:37:33 PM - Installed Antispyware2008
RP1116: 12/03/2009 6:05:36 PM - Microsoft OneCare Protection Checkpoint
RP1117: 12/03/2009 8:25:22 PM - Software Distribution Service 3.0
RP1118: 12/03/2009 8:40:26 PM - Microsoft OneCare Protection Checkpoint
RP1119: 12/03/2009 9:13:03 PM - Software Distribution Service 3.0
RP1120: 13/03/2009 6:01:49 AM - Microsoft OneCare Protection Checkpoint
RP1121: 13/03/2009 6:08:46 AM - Microsoft OneCare Protection Checkpoint
RP1122: 13/03/2009 7:41:33 AM - Microsoft OneCare Protection Checkpoint
RP1123: 13/03/2009 9:19:44 AM - Removed Ad-Aware
RP1124: 13/03/2009 9:33:11 AM - Removed Ad-Aware
RP1125: 13/03/2009 9:57:55 AM - Removed Ad-Aware
RP1126: 13/03/2009 10:06:46 AM - Microsoft OneCare Protection Checkpoint
RP1127: 13/03/2009 11:59:40 AM - Removed Ad-Aware
RP1128: 13/03/2009 12:30:55 PM - Microsoft OneCare Protection Checkpoint
RP1129: 13/03/2009 12:55:59 PM - Microsoft OneCare Protection Checkpoint
RP1130: 13/03/2009 2:06:47 PM - Avira AntiVir Personal - 13/03/2009 14:06
RP1131: 13/03/2009 5:09:00 PM - Software Distribution Service 3.0
RP1132: 13/03/2009 5:18:25 PM - Microsoft OneCare Protection Checkpoint
RP1133: 13/03/2009 5:46:20 PM - Removed Ad-Aware
RP1134: 13/03/2009 7:47:06 PM - Microsoft OneCare Protection Checkpoint
RP1135: 13/03/2009 11:14:37 PM - Software Distribution Service 3.0
RP1136: 14/03/2009 5:53:31 AM - Microsoft OneCare Protection Checkpoint
RP1137: 14/03/2009 6:30:42 AM - Software Distribution Service 3.0
RP1138: 14/03/2009 6:50:44 AM - Microsoft OneCare Protection Checkpoint
RP1139: 14/03/2009 9:34:01 AM - Software Distribution Service 3.0
RP1140: 14/03/2009 10:25:49 AM - Microsoft OneCare Protection Checkpoint
RP1141: 14/03/2009 9:12:25 PM - Software Distribution Service 3.0
RP1142: 15/03/2009 10:50:18 AM - Removed Ad-Aware
RP1143: 15/03/2009 10:25:45 PM - Software Distribution Service 3.0
RP1144: 16/03/2009 7:24:05 AM - ComboFix created restore point
RP1145: 16/03/2009 10:12:31 AM - Software Distribution Service 3.0
RP1146: 16/03/2009 4:19:55 PM - Removed Ad-Aware
RP1147: 16/03/2009 5:49:50 PM - Software Distribution Service 3.0
RP1148: 16/03/2009 9:21:17 PM - Software Distribution Service 3.0
RP1149: 17/03/2009 6:04:15 AM - ComboFix created restore point
RP1150: 17/03/2009 6:14:01 AM - Removed Adobe Reader 7.1.0
RP1151: 17/03/2009 6:15:55 AM - Removed Adobe Reader Chinese Simplified Fonts
RP1152: 17/03/2009 6:28:54 AM - Installed Adobe Reader 9.1.
RP1153: 17/03/2009 6:34:21 AM - Removed J2SE Runtime Environment 5.0 Update 5
RP1154: 17/03/2009 6:34:49 AM - Removed J2SE Runtime Environment 5.0 Update 6
RP1155: 17/03/2009 6:35:20 AM - Removed J2SE Runtime Environment 5.0 Update 9
RP1156: 17/03/2009 8:54:41 AM - Avira AntiVir Personal - 17/03/2009 8:54
RP1157: 17/03/2009 9:00:58 AM - Installed Kaspersky Anti-Virus 7.0.
RP1158: 17/03/2009 8:15:59 PM - Removed Kaspersky Anti-Virus 7.0.
RP1159: 18/03/2009 3:00:39 AM - Software Distribution Service 3.0
RP1160: 18/03/2009 3:20:50 AM - Software Distribution Service 3.0
RP1161: 18/03/2009 12:06:20 PM - Software Distribution Service 3.0
RP1162: 18/03/2009 6:51:13 PM - Software Distribution Service 3.0
RP1163: 19/03/2009 8:36:02 AM - Removed Java(TM) 6 Update 3
RP1164: 19/03/2009 8:37:08 AM - Removed Java(TM) 6 Update 5
RP1165: 19/03/2009 8:38:07 AM - Removed LiveUpdate Notice (Symantec Corporation)
RP1166: 19/03/2009 8:39:16 AM - Removed Jasc Paint Shop Photo Album 5
RP1167: 19/03/2009 8:42:26 AM - Removed Better Homes and Gardens Home Designer Suite 6.0
RP1168: 19/03/2009 9:53:46 AM - Software Distribution Service 3.0
RP1169: 19/03/2009 2:35:31 PM - Microsoft OneCare Protection Checkpoint
RP1170: 19/03/2009 8:53:36 PM - Installed Java(TM) 6 Update 12
RP1171: 19/03/2009 9:44:13 PM - Software Distribution Service 3.0
RP1172: 20/03/2009 3:14:17 PM - Software Distribution Service 3.0

==== Installed Programs ======================


abrViewer.NET 1.0.1
ACDSee 9 Photo Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Advanced SystemCare 3
Alien Skin Snap Art
AM-DeadLink
ArtRage 2
ASUS Probe V2.24.09
ASUSDVD
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Canon iP4200
Canon MP Navigator 2.0
Canon MP150
Canon Setup Utility 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CD-LabelPrint
CD Stomper 32 bit
CEP - Color Enable Package
Compatibility Pack for the 2007 Office system
Corel Paint Shop Pro X
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
DiMAGE Scan Dual4 ver.1.0
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy-WebPrint
ERUNT 1.1j
Eye Candy 3
Fashion Solitaire
Fishdom
FixerBundle
Focus Magic 3.02
forteManager
Free CD to MP3 Converter
GTOneCare
Harry's Filters 3.01
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iPod for Windows 2005-09-23
iPod for Windows 2006-06-28
iTunes
Java(TM) 6 Update 12
Legacy 7.0
Legacy Charting 7.0
LightScribe 1.4.39.1
Livestation
Luxor 2
Mah Jong Quest II™
Malwarebytes' Anti-Malware
Mavis Beacon Teaches Typing 17
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Protection Service
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Live OneCare Resources v2.5.2900.22
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
Microsoft Windows OneCare Live v2.5.2900.22
MoRUN.net Sticker
MotionDV STUDIO 5.1E LE for DV
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MyHeritage Family Tree Builder
Nero Suite
Nikon Message Center
OGA Notifier 1.7.0105.35.0
OLYMPUS CAMEDIA Master 4.2
OmniPage SE 2.0
Opanda IExif 2.3
OpenAL
PartitionMagic
PhotoFilter 1.0
PictureProject
PowerQuest PartitionMagic 8.0
PX Engine
Quicken 2002 Personal Plus SE
QuickTime
RawShooter essentials 2005
RealPlayer
Realtek AC'97 Audio
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem ^^
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
SD Viewer for DV
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Shadow Illuminator Home
SimCity 4
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Symantec KB-DocID:2003093015493306
The Font Thing
The Sims 2
The Sims 2 Open For Business
The Sims 2 Pets
The Sims Makin' Magic
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
ThreatExpert Memory Scanner 1.0
Topaz Adjust
Tradewinds Caravans™
Uninstall DreamSuite Bonus
Uninstall MysticalTTC
Uninstall MysticalTTCDEMO
Unlocker 1.8.7
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Video Stream Driver for Panasonic DVC
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live OneCare
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Wisdom-soft ScreenHunter 4.0 Free
X-Lite 3.0

==== Event Viewer Messages From Past Week ========

13/03/2009 5:00:51 PM, error: MSFWDrv [9] - The device, , did not respond within the timeout period.
13/03/2009 4:47:31 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
13/03/2009 4:45:27 PM, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort2.
13/03/2009 4:44:04 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {2AD36B72-A529-4F78-B727-309D01008B20} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 2:21:25 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {968B8E82-847B-45B9-B603-2A54BD718081} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 12:55:59 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {202EA27B-5334-4EDD-A54C-06A2E2FD37BD} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 12:30:55 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {D47FC076-D9A2-44C9-B812-1617DA14B878} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 12:22:04 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {49368223-B042-44C9-96C9-B4929079EC27} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 10:06:46 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {82C622C9-EE19-43E7-9365-00930D3B1398} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 10:03:57 AM, error: Print [19] - Sharing printer failed + 1722, Printer Canon iP4200 share name Canon iP4200.
13/03/2009 8:43:02 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {8515DEE7-C581-43A9-A3A1-64ED2C92B453} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 7:41:33 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {7A9DB99F-349A-4DB4-8B1C-D9A8B383BA76} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 6:08:46 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {1DC0BE5C-F73E-4F9D-A69B-1A6094F401E9} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 6:01:49 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {DC8E1E66-60B5-45AF-963C-5B71D8CC41FB} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 5:18:25 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {21F42A91-11DC-4ADB-8B21-D0070B98E54C} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 6:13:15 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
13/03/2009 7:01:55 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {98E0F733-2E49-48DF-8CCC-EC60C4D2A908} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 7:47:07 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {7C47596B-6CFF-4062-B931-A3F675EFB5E7} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Quarantine Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
13/03/2009 8:39:53 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {A534B4B8-554E-44B8-A59D-3E7471611A2C} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 5:53:31 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {801C533E-5DA1-484E-B85F-8D8DDFCFF4F6} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 6:05:54 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {81A95EA5-F32C-4B52-93A4-4BC383ED28F5} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 6:50:44 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {50EBACE5-9207-4860-842D-7745B6569812} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 6:51:37 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {D6D3063B-B7F1-4686-AB74-90180373E881} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 7:08:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The MSFWDrv service depends on the IP Traffic Filter Driver service which failed to start because of the following error: The dependency service or group failed to start.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The OneCare Firewall service depends on the MSFWDrv service which failed to start because of the following error: The dependency service or group failed to start.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
14/03/2009 7:08:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aslm75 avgio avipbb eeCtrl Fips intelppm IPSec MRxSmb MSFWHLPR NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip WS2IFSL
14/03/2009 7:08:59 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
14/03/2009 7:15:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
14/03/2009 7:23:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
14/03/2009 10:23:34 AM, error: Print [19] - Sharing printer failed + 1722, Printer Canon MP150 Series Printer share name Canon MP150 Series Printer.
14/03/2009 10:25:50 AM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {C70714E6-B720-408C-A7E3-41895AA639C8} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 3:01:15 PM, error: OneCareMP [1008] - Windows OneCare Live has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {251EE402-E2C0-42A5-99B1-0AAE58351132} Scan Type: AntiMalware User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 4:20:35 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {821E08CF-D5CD-4905-9794-E41DBB8D785B} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 4:42:31 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {E0E5832C-A46F-46BF-BAEE-1C1071F25DEB} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
14/03/2009 6:57:04 PM, error: OneCareMP [3006] - Windows OneCare Live Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Obitel&threatid=2147617719 Scan ID: {7A63454D-5A25-4091-A15A-673FCB322097} User: CAROLYN-212D4EF\Carolyn Stewart Name: TrojanDownloader:Win32/Obitel ID: 2147617719 Severity: Severe Category: Trojan Downloader Path: Alert Type: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
15/03/2009 1:06:52 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer SONIA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{35C52376-D70E-45AA-. The master browser is stopping or an election is being forced.
14/03/2009 6:07:45 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file userinit.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.

==== End Of File ===========================


What else should I do? I did a full scan with Malaware this morning and no errors.

Thanks for all your help.

Amson
2009-03-20, 11:07
Also deleted many emails from the specified account but none looked suspicious...

Blade81
2009-03-20, 16:46
Hi

Have you defragged your hard drives lately? It's recommended to do so.

It might help if you could find the infection name. Had you by any chance used any removable drive with the system before the infection message was thrown?

Amson
2009-03-21, 23:23
I defragged all drives and scanned online again with Kaspersky and the only error was the same email error. I finally found a log from my virus scanner which listed the virus as follows:

Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name: Virus:JS/Xilos
Detection Date and Time: 19/03/2009 2:34 PM
File Name: C:\Documents and Settings\Carolyn Stewart\Local Settings\Temporary Internet Files\Content.IE5\384HEYTM\clicksagent2[1].htm
Threat Severity: Severe
Threat Category: Virus
Virus and spyware monitoring found potentially unwanted software: (ANTIVIRUS_ONACCESS)
Threat Status: Clean failed


But virus not picked up by Kaspersky, Malaware or Spybot full scans.

No further problems but system is really slow, long time to load, freezes at times and drivers seem to have an issue - cannot listen to online radio now, mouse lags etc. Perhaps not malware issue now???

Thanks for all your help.

Blade81
2009-03-22, 11:40
Hi

Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Delete the following file if found:
C:\Documents and Settings\Carolyn Stewart\Local Settings\Temporary Internet Files\Content.IE5\384HEYTM\clicksagent2[1].htm

Run error checking against all your drives by following instructions here (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/kbtip.mspx).

Does sound work at all? If not, then you need to reinstall the corresponding drivers.

Hints for improving system performance >>here (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)<<

Amson
2009-03-23, 12:54
Thanks for all your help. I'll reinstall/update drivers over the next few days as there are still a few problems here. But overall much improved!!! Thanks so much for your assistance!

Blade81
2009-03-23, 18:56
Ok. Let me know how that goes :)

Blade81
2009-03-29, 23:29
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.